summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
authorJason Wright <jason@cvs.openbsd.org>2003-02-16 19:54:21 +0000
committerJason Wright <jason@cvs.openbsd.org>2003-02-16 19:54:21 +0000
commitca464888ff0bb2738c5ff4f1e6025280e0ea6d19 (patch)
treefeadcb09f522c8597ede02d3a50521e9ef3a1ca3 /sys
parent0ee786dc6bdc3a051e9700a9437bca89821fc1a2 (diff)
KNF
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pfkey.c359
-rw-r--r--sys/net/pfkeyv2.c3035
-rw-r--r--sys/net/pfkeyv2.h209
-rw-r--r--sys/net/pfkeyv2_parsemessage.c400
4 files changed, 1944 insertions, 2059 deletions
diff --git a/sys/net/pfkey.c b/sys/net/pfkey.c
index 1d3d09b3054..628c0028b67 100644
--- a/sys/net/pfkey.c
+++ b/sys/net/pfkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkey.c,v 1.12 2002/12/11 21:48:40 fgsch Exp $ */
+/* $OpenBSD: pfkey.c,v 1.13 2003/02/16 19:54:20 jason Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -83,7 +83,8 @@
#include <net/raw_cb.h>
#define PFKEY_PROTOCOL_MAX 3
-static struct pfkey_version *pfkey_versions[PFKEY_PROTOCOL_MAX+1] = { NULL, NULL, NULL, NULL };
+static struct pfkey_version *pfkey_versions[PFKEY_PROTOCOL_MAX+1] =
+ { NULL, NULL, NULL, NULL };
#define PFKEY_MSG_MAXSZ 4096
@@ -91,262 +92,268 @@ struct sockaddr pfkey_addr = { 2, PF_KEY, };
/* static struct domain pfkey_domain; */
static int pfkey_usrreq(struct socket *socket, int req, struct mbuf *mbuf,
- struct mbuf *nam, struct mbuf *control);
+ struct mbuf *nam, struct mbuf *control);
static int pfkey_output(struct mbuf *mbuf, struct socket *socket);
int pfkey_register(struct pfkey_version *version);
int pfkey_unregister(struct pfkey_version *version);
int pfkey_sendup(struct socket *socket, struct mbuf *packet, int more);
void pfkey_init(void);
-static int pfkey_buildprotosw(void);
+int pfkey_buildprotosw(void);
int
pfkey_register(struct pfkey_version *version)
{
- int rval;
+ int rval;
- if ((version->protocol > PFKEY_PROTOCOL_MAX) || (version->protocol < 0))
- return EPROTONOSUPPORT;
+ if ((version->protocol > PFKEY_PROTOCOL_MAX) ||
+ (version->protocol < 0))
+ return (EPROTONOSUPPORT);
- if (pfkey_versions[version->protocol])
- return EADDRINUSE;
+ if (pfkey_versions[version->protocol])
+ return (EADDRINUSE);
- pfkey_versions[version->protocol] = version;
+ pfkey_versions[version->protocol] = version;
- if ((rval = pfkey_buildprotosw()) != 0) {
- pfkey_versions[version->protocol] = NULL;
- return rval;
- }
+ if ((rval = pfkey_buildprotosw()) != 0) {
+ pfkey_versions[version->protocol] = NULL;
+ return (rval);
+ }
- return 0;
+ return (0);
}
int
pfkey_unregister(struct pfkey_version *version)
{
- int rval;
+ int rval;
- if ((rval = pfkey_buildprotosw()) != 0)
- return rval;
+ if ((rval = pfkey_buildprotosw()) != 0)
+ return (rval);
- pfkey_versions[version->protocol] = NULL;
- return 0;
+ pfkey_versions[version->protocol] = NULL;
+ return (0);
}
int
pfkey_sendup(struct socket *socket, struct mbuf *packet, int more)
{
- struct mbuf *packet2;
- int s;
-
- if (more) {
- if (!(packet2 = m_copym2(packet, 0, M_COPYALL, M_DONTWAIT)))
- return ENOMEM;
- } else
- packet2 = packet;
-
- s = spltdb();
- if (!sbappendaddr(&socket->so_rcv, &pfkey_addr, packet2, NULL)) {
- m_freem(packet2);
- splx(s);
- return ENOBUFS;
- }
- splx(s);
-
- sorwakeup(socket);
- return 0;
+ struct mbuf *packet2;
+ int s;
+
+ if (more) {
+ if (!(packet2 = m_copym2(packet, 0, M_COPYALL, M_DONTWAIT)))
+ return (ENOMEM);
+ } else
+ packet2 = packet;
+
+ s = spltdb();
+ if (!sbappendaddr(&socket->so_rcv, &pfkey_addr, packet2, NULL)) {
+ m_freem(packet2);
+ splx(s);
+ return (ENOBUFS);
+ }
+ splx(s);
+
+ sorwakeup(socket);
+ return (0);
}
static int
pfkey_output(struct mbuf *mbuf, struct socket *socket)
{
- void *message;
- int error = 0;
+ void *message;
+ int error = 0;
#if DIAGNOSTIC
- if (!mbuf || !(mbuf->m_flags & M_PKTHDR)) {
- error = EINVAL;
- goto ret;
- }
+ if (!mbuf || !(mbuf->m_flags & M_PKTHDR)) {
+ error = EINVAL;
+ goto ret;
+ }
#endif /* DIAGNOSTIC */
- if (mbuf->m_pkthdr.len > PFKEY_MSG_MAXSZ) {
- error = EMSGSIZE;
- goto ret;
- }
+ if (mbuf->m_pkthdr.len > PFKEY_MSG_MAXSZ) {
+ error = EMSGSIZE;
+ goto ret;
+ }
- if (!(message = malloc((unsigned long) mbuf->m_pkthdr.len, M_PFKEY,
- M_DONTWAIT))) {
- error = ENOMEM;
- goto ret;
- }
+ if (!(message = malloc((unsigned long) mbuf->m_pkthdr.len,
+ M_PFKEY, M_DONTWAIT))) {
+ error = ENOMEM;
+ goto ret;
+ }
- m_copydata(mbuf, 0, mbuf->m_pkthdr.len, message);
+ m_copydata(mbuf, 0, mbuf->m_pkthdr.len, message);
- error =
- pfkey_versions[socket->so_proto->pr_protocol]->send(socket, message,
- mbuf->m_pkthdr.len);
+ error = pfkey_versions[socket->so_proto->pr_protocol]->send(socket,
+ message, mbuf->m_pkthdr.len);
- ret:
- if (mbuf)
- m_freem (mbuf);
- return error;
+ret:
+ if (mbuf)
+ m_freem (mbuf);
+ return (error);
}
static int
pfkey_attach(struct socket *socket, struct mbuf *proto)
{
- int rval;
- int s;
+ int rval;
+ int s;
- if (!(socket->so_pcb = malloc(sizeof(struct rawcb), M_PCB, M_DONTWAIT)))
- return ENOMEM;
- bzero(socket->so_pcb, sizeof(struct rawcb));
+ if (!(socket->so_pcb = malloc(sizeof(struct rawcb),
+ M_PCB, M_DONTWAIT)))
+ return (ENOMEM);
+ bzero(socket->so_pcb, sizeof(struct rawcb));
- s = splnet();
- rval = raw_usrreq(socket, PRU_ATTACH, NULL, proto, NULL);
- splx(s);
- if (rval)
- goto ret;
+ s = splnet();
+ rval = raw_usrreq(socket, PRU_ATTACH, NULL, proto, NULL);
+ splx(s);
+ if (rval)
+ goto ret;
- ((struct rawcb *)socket->so_pcb)->rcb_faddr = &pfkey_addr;
- soisconnected(socket);
+ ((struct rawcb *)socket->so_pcb)->rcb_faddr = &pfkey_addr;
+ soisconnected(socket);
- socket->so_options |= SO_USELOOPBACK;
- if ((rval = pfkey_versions[socket->so_proto->pr_protocol]->create(socket))
- != 0)
- goto ret;
+ socket->so_options |= SO_USELOOPBACK;
+ if ((rval =
+ pfkey_versions[socket->so_proto->pr_protocol]->create(socket)) != 0)
+ goto ret;
- return 0;
+ return (0);
ret:
- free(socket->so_pcb, M_PCB);
- return rval;
+ free(socket->so_pcb, M_PCB);
+ return (rval);
}
static int
pfkey_detach(struct socket *socket)
{
- int rval, i, s;
+ int rval, i, s;
- rval = pfkey_versions[socket->so_proto->pr_protocol]->release(socket);
- s = splnet();
- i = raw_usrreq(socket, PRU_DETACH, NULL, NULL, NULL);
- splx(s);
+ rval = pfkey_versions[socket->so_proto->pr_protocol]->release(socket);
+ s = splnet();
+ i = raw_usrreq(socket, PRU_DETACH, NULL, NULL, NULL);
+ splx(s);
- if (!rval)
- rval = i;
+ if (!rval)
+ rval = i;
- return rval;
+ return (rval);
}
static int
pfkey_usrreq(struct socket *socket, int req, struct mbuf *mbuf,
- struct mbuf *nam, struct mbuf *control)
+ struct mbuf *nam, struct mbuf *control)
{
- int rval;
- int s;
+ int rval;
+ int s;
- if ((socket->so_proto->pr_protocol > PFKEY_PROTOCOL_MAX) ||
- (socket->so_proto->pr_protocol < 0) ||
- !pfkey_versions[socket->so_proto->pr_protocol])
- return EPROTONOSUPPORT;
+ if ((socket->so_proto->pr_protocol > PFKEY_PROTOCOL_MAX) ||
+ (socket->so_proto->pr_protocol < 0) ||
+ !pfkey_versions[socket->so_proto->pr_protocol])
+ return (EPROTONOSUPPORT);
- switch(req) {
- case PRU_ATTACH:
- return pfkey_attach(socket, nam);
+ switch(req) {
+ case PRU_ATTACH:
+ return (pfkey_attach(socket, nam));
- case PRU_DETACH:
- return pfkey_detach(socket);
+ case PRU_DETACH:
+ return (pfkey_detach(socket));
- default:
- s = splnet();
- rval = raw_usrreq(socket, req, mbuf, nam, control);
- splx(s);
- }
+ default:
+ s = splnet();
+ rval = raw_usrreq(socket, req, mbuf, nam, control);
+ splx(s);
+ }
- return rval;
+ return (rval);
}
static struct domain pfkey_domain = {
- PF_KEY,
- "PF_KEY",
- NULL, /* init */
- NULL, /* externalize */
- NULL, /* dispose */
- NULL, /* protosw */
- NULL, /* protoswNPROTOSW */
- NULL, /* dom_next */
- rn_inithead, /* dom_rtattach */
- 16, /* rtoffset */
- sizeof(struct sockaddr_encap) /* maxrtkey */
+ PF_KEY,
+ "PF_KEY",
+ NULL, /* init */
+ NULL, /* externalize */
+ NULL, /* dispose */
+ NULL, /* protosw */
+ NULL, /* protoswNPROTOSW */
+ NULL, /* dom_next */
+ rn_inithead, /* dom_rtattach */
+ 16, /* rtoffset */
+ sizeof(struct sockaddr_encap) /* maxrtkey */
};
static struct protosw pfkey_protosw_template = {
- SOCK_RAW,
- &pfkey_domain,
- -1, /* protocol */
- PR_ATOMIC | PR_ADDR,
- (void *) raw_input,
- (void *) pfkey_output,
- (void *) raw_ctlinput,
- NULL, /* ctloutput */
- pfkey_usrreq,
- NULL, /* init */
- NULL, /* fasttimo */
- NULL, /* slowtimo */
- NULL, /* drain */
- NULL /* sysctl */
+ SOCK_RAW,
+ &pfkey_domain,
+ -1, /* protocol */
+ PR_ATOMIC | PR_ADDR,
+ (void *) raw_input,
+ (void *) pfkey_output,
+ (void *) raw_ctlinput,
+ NULL, /* ctloutput */
+ pfkey_usrreq,
+ NULL, /* init */
+ NULL, /* fasttimo */
+ NULL, /* slowtimo */
+ NULL, /* drain */
+ NULL /* sysctl */
};
-static int
+int
pfkey_buildprotosw(void)
{
- struct protosw *protosw, *p;
- int i, j;
-
- for (i = j = 0; i <= PFKEY_PROTOCOL_MAX; i++)
- if (pfkey_versions[i])
- j++;
-
- if (j) {
- if (!(protosw = malloc(j * sizeof(struct protosw), M_PFKEY, M_DONTWAIT)))
- return ENOMEM;
-
- for (i = 0, p = protosw; i <= PFKEY_PROTOCOL_MAX; i++)
- if (pfkey_versions[i]) {
- bcopy(&pfkey_protosw_template, p, sizeof(struct protosw));
- p->pr_protocol = pfkey_versions[i]->protocol;
- p++;
- }
-
- if (pfkey_domain.dom_protosw)
- free(pfkey_domain.dom_protosw, M_PFKEY);
-
- pfkey_domain.dom_protosw = protosw;
- pfkey_domain.dom_protoswNPROTOSW = p;
- } else {
- if (!(protosw = malloc(sizeof(struct protosw), M_PFKEY, M_DONTWAIT)))
- return ENOMEM;
-
- bcopy(&pfkey_protosw_template, protosw, sizeof(struct protosw));
-
- if (pfkey_domain.dom_protosw)
- free(pfkey_domain.dom_protosw, M_PFKEY);
-
- pfkey_domain.dom_protosw = protosw;
- pfkey_domain.dom_protoswNPROTOSW = protosw;
- }
-
- return 0;
+ struct protosw *protosw, *p;
+ int i, j;
+
+ for (i = j = 0; i <= PFKEY_PROTOCOL_MAX; i++)
+ if (pfkey_versions[i])
+ j++;
+
+ if (j) {
+ if (!(protosw = malloc(j * sizeof(struct protosw),
+ M_PFKEY, M_DONTWAIT)))
+ return (ENOMEM);
+
+ for (i = 0, p = protosw; i <= PFKEY_PROTOCOL_MAX; i++)
+ if (pfkey_versions[i]) {
+ bcopy(&pfkey_protosw_template, p,
+ sizeof(struct protosw));
+ p->pr_protocol = pfkey_versions[i]->protocol;
+ p++;
+ }
+
+ if (pfkey_domain.dom_protosw)
+ free(pfkey_domain.dom_protosw, M_PFKEY);
+
+ pfkey_domain.dom_protosw = protosw;
+ pfkey_domain.dom_protoswNPROTOSW = p;
+ } else {
+ if (!(protosw = malloc(sizeof(struct protosw), M_PFKEY,
+ M_DONTWAIT)))
+ return (ENOMEM);
+
+ bcopy(&pfkey_protosw_template, protosw,
+ sizeof(struct protosw));
+
+ if (pfkey_domain.dom_protosw)
+ free(pfkey_domain.dom_protosw, M_PFKEY);
+
+ pfkey_domain.dom_protosw = protosw;
+ pfkey_domain.dom_protoswNPROTOSW = protosw;
+ }
+
+ return (0);
}
-void pfkey_init(void)
+void
+pfkey_init(void)
{
- if (pfkey_buildprotosw() != 0)
- return;
+ if (pfkey_buildprotosw() != 0)
+ return;
- pfkey_domain.dom_next = domains;
- domains = &pfkey_domain;
- pfkeyv2_init();
+ pfkey_domain.dom_next = domains;
+ domains = &pfkey_domain;
+ pfkeyv2_init();
}
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 02ce61ecfa3..b8bc47c8d0f 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.85 2003/02/15 22:57:58 jason Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.86 2003/02/16 19:54:20 jason Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -93,27 +93,24 @@ static uint32_t pfkeyv2_seq = 1;
static int nregistered = 0;
static int npromisc = 0;
-static struct sadb_alg ealgs[] =
-{
- { SADB_EALG_DESCBC, 64, 64, 64 },
- { SADB_EALG_3DESCBC, 64, 192, 192 },
- { SADB_X_EALG_BLF, 64, 40, BLF_MAXKEYLEN * 8},
- { SADB_X_EALG_CAST, 64, 40, 128},
- { SADB_X_EALG_SKIPJACK, 64, 80, 80},
- { SADB_X_EALG_AES, 128, 64, 256},
+static const struct sadb_alg ealgs[] = {
+ { SADB_EALG_DESCBC, 64, 64, 64 },
+ { SADB_EALG_3DESCBC, 64, 192, 192 },
+ { SADB_X_EALG_BLF, 64, 40, BLF_MAXKEYLEN * 8},
+ { SADB_X_EALG_CAST, 64, 40, 128},
+ { SADB_X_EALG_SKIPJACK, 64, 80, 80},
+ { SADB_X_EALG_AES, 128, 64, 256},
};
-static struct sadb_alg aalgs[] =
-{
- { SADB_AALG_SHA1HMAC, 0, 160, 160 },
- { SADB_AALG_MD5HMAC, 0, 128, 128 },
- { SADB_AALG_RIPEMD160HMAC, 0, 160, 160 }
+static const struct sadb_alg aalgs[] = {
+ { SADB_AALG_SHA1HMAC, 0, 160, 160 },
+ { SADB_AALG_MD5HMAC, 0, 128, 128 },
+ { SADB_AALG_RIPEMD160HMAC, 0, 160, 160 }
};
-static struct sadb_alg calgs[] =
-{
- { SADB_X_CALG_DEFLATE, 0, 0, 0},
- { SADB_X_CALG_LZS, 0, 0, 0},
+static const struct sadb_alg calgs[] = {
+ { SADB_X_CALG_DEFLATE, 0, 0, 0},
+ { SADB_X_CALG_LZS, 0, 0, 0},
};
extern uint32_t sadb_exts_allowed_out[SADB_MAX+1];
@@ -126,34 +123,31 @@ extern struct pool ipsec_policy_pool;
* chain.
*/
int
-pfdatatopacket(void *data, int len, struct mbuf **packet)
-{
- if (!(*packet = m_devget(data, len, 0, NULL, NULL)))
- return ENOMEM;
-
- return 0;
+pfdatatopacket(void *data, int len, struct mbuf **packet) {
+ if (!(*packet = m_devget(data, len, 0, NULL, NULL)))
+ return (ENOMEM);
+ return (0);
}
/*
* Create a new PF_KEYv2 socket.
*/
int
-pfkeyv2_create(struct socket *socket)
-{
- struct pfkeyv2_socket *pfkeyv2_socket;
+pfkeyv2_create(struct socket *socket) {
+ struct pfkeyv2_socket *pfkeyv2_socket;
- if (!(pfkeyv2_socket = malloc(sizeof(struct pfkeyv2_socket), M_PFKEY,
- M_DONTWAIT)))
- return ENOMEM;
+ if (!(pfkeyv2_socket = malloc(sizeof(struct pfkeyv2_socket),
+ M_PFKEY, M_DONTWAIT)))
+ return (ENOMEM);
- bzero(pfkeyv2_socket, sizeof(struct pfkeyv2_socket));
- pfkeyv2_socket->next = pfkeyv2_sockets;
- pfkeyv2_socket->socket = socket;
- pfkeyv2_socket->pid = curproc->p_pid;
+ bzero(pfkeyv2_socket, sizeof(struct pfkeyv2_socket));
+ pfkeyv2_socket->next = pfkeyv2_sockets;
+ pfkeyv2_socket->socket = socket;
+ pfkeyv2_socket->pid = curproc->p_pid;
- pfkeyv2_sockets = pfkeyv2_socket;
+ pfkeyv2_sockets = pfkeyv2_socket;
- return 0;
+ return (0);
}
/*
@@ -162,30 +156,28 @@ pfkeyv2_create(struct socket *socket)
int
pfkeyv2_release(struct socket *socket)
{
- struct pfkeyv2_socket **pp;
+ struct pfkeyv2_socket **pp;
- for (pp = &pfkeyv2_sockets;
- *pp && ((*pp)->socket != socket);
- pp = &((*pp)->next))
- ;
+ for (pp = &pfkeyv2_sockets; *pp && ((*pp)->socket != socket);
+ pp = &((*pp)->next))
+ /*EMPTY*/;
- if (*pp)
- {
- struct pfkeyv2_socket *pfkeyv2_socket;
+ if (*pp) {
+ struct pfkeyv2_socket *pfkeyv2_socket;
- pfkeyv2_socket = *pp;
- *pp = (*pp)->next;
+ pfkeyv2_socket = *pp;
+ *pp = (*pp)->next;
- if (pfkeyv2_socket->flags & PFKEYV2_SOCKETFLAGS_REGISTERED)
- nregistered--;
+ if (pfkeyv2_socket->flags & PFKEYV2_SOCKETFLAGS_REGISTERED)
+ nregistered--;
- if (pfkeyv2_socket->flags & PFKEYV2_SOCKETFLAGS_PROMISC)
- npromisc--;
+ if (pfkeyv2_socket->flags & PFKEYV2_SOCKETFLAGS_PROMISC)
+ npromisc--;
- free(pfkeyv2_socket, M_PFKEY);
- }
+ free(pfkeyv2_socket, M_PFKEY);
+ }
- return 0;
+ return (0);
}
/*
@@ -195,49 +187,48 @@ pfkeyv2_release(struct socket *socket)
*/
int
pfkeyv2_sendmessage(void **headers, int mode, struct socket *socket,
- u_int8_t satype, int count)
+ u_int8_t satype, int count)
{
- int i, j, rval;
- void *p, *buffer = NULL;
- struct mbuf *packet;
- struct pfkeyv2_socket *s;
- struct sadb_msg *smsg;
-
- /* Find out how much space we'll need... */
- j = sizeof(struct sadb_msg);
-
- for (i = 1; i <= SADB_EXT_MAX; i++)
- if (headers[i])
- j += ((struct sadb_ext *)headers[i])->sadb_ext_len * sizeof(uint64_t);
-
- /* ...and allocate it */
- if (!(buffer = malloc(j + sizeof(struct sadb_msg), M_PFKEY, M_DONTWAIT)))
- {
- rval = ENOMEM;
- goto ret;
- }
+ int i, j, rval;
+ void *p, *buffer = NULL;
+ struct mbuf *packet;
+ struct pfkeyv2_socket *s;
+ struct sadb_msg *smsg;
+
+ /* Find out how much space we'll need... */
+ j = sizeof(struct sadb_msg);
+
+ for (i = 1; i <= SADB_EXT_MAX; i++)
+ if (headers[i])
+ j += ((struct sadb_ext *)headers[i])->sadb_ext_len *
+ sizeof(uint64_t);
+
+ /* ...and allocate it */
+ if (!(buffer = malloc(j + sizeof(struct sadb_msg), M_PFKEY,
+ M_DONTWAIT))) {
+ rval = ENOMEM;
+ goto ret;
+ }
+
+ p = buffer + sizeof(struct sadb_msg);
+ bcopy(headers[0], p, sizeof(struct sadb_msg));
+ ((struct sadb_msg *) p)->sadb_msg_len = j / sizeof(uint64_t);
+ p += sizeof(struct sadb_msg);
+
+ /* Copy payloads in the packet */
+ for (i = 1; i <= SADB_EXT_MAX; i++)
+ if (headers[i]) {
+ ((struct sadb_ext *) headers[i])->sadb_ext_type = i;
+ bcopy(headers[i], p, EXTLEN(headers[i]));
+ p += EXTLEN(headers[i]);
+ }
- p = buffer + sizeof(struct sadb_msg);
- bcopy(headers[0], p, sizeof(struct sadb_msg));
- ((struct sadb_msg *) p)->sadb_msg_len = j / sizeof(uint64_t);
- p += sizeof(struct sadb_msg);
-
- /* Copy payloads in the packet */
- for (i = 1; i <= SADB_EXT_MAX; i++)
- if (headers[i])
- {
- ((struct sadb_ext *) headers[i])->sadb_ext_type = i;
- bcopy(headers[i], p, EXTLEN(headers[i]));
- p += EXTLEN(headers[i]);
- }
-
- if ((rval = pfdatatopacket(buffer + sizeof(struct sadb_msg),
- j, &packet)) != 0)
- goto ret;
-
- switch(mode)
- {
- case PFKEYV2_SENDMESSAGE_UNICAST:
+ if ((rval = pfdatatopacket(buffer + sizeof(struct sadb_msg),
+ j, &packet)) != 0)
+ goto ret;
+
+ switch(mode) {
+ case PFKEYV2_SENDMESSAGE_UNICAST:
/*
* Send message to the specified socket, plus all
* promiscuous listeners.
@@ -253,45 +244,43 @@ pfkeyv2_sendmessage(void **headers, int mode, struct socket *socket,
smsg->sadb_msg_version = PF_KEY_V2;
smsg->sadb_msg_type = SADB_X_PROMISC;
smsg->sadb_msg_len = (sizeof(struct sadb_msg) + j) /
- sizeof(uint64_t);
+ sizeof(uint64_t);
smsg->sadb_msg_seq = 0;
/* Copy to mbuf chain */
if ((rval = pfdatatopacket(buffer, sizeof(struct sadb_msg) + j,
- &packet)) != 0)
- goto ret;
+ &packet)) != 0)
+ goto ret;
/*
* Search for promiscuous listeners, skipping the
* original destination.
*/
for (s = pfkeyv2_sockets; s; s = s->next)
- if ((s->flags & PFKEYV2_SOCKETFLAGS_PROMISC) &&
- (s->socket != socket))
- pfkey_sendup(s->socket, packet, 1);
+ if ((s->flags & PFKEYV2_SOCKETFLAGS_PROMISC) &&
+ (s->socket != socket))
+ pfkey_sendup(s->socket, packet, 1);
/* Done, let's be a bit paranoid */
m_zero(packet);
m_freem(packet);
break;
- case PFKEYV2_SENDMESSAGE_REGISTERED:
+ case PFKEYV2_SENDMESSAGE_REGISTERED:
/*
* Send the message to all registered sockets that match
* the specified satype (e.g., all IPSEC-ESP negotiators)
*/
for (s = pfkeyv2_sockets; s; s = s->next)
- if (s->flags & PFKEYV2_SOCKETFLAGS_REGISTERED)
- {
- if (!satype) /* Just send to everyone registered */
- pfkey_sendup(s->socket, packet, 1);
- else
- {
- /* Check for specified satype */
- if ((1 << satype) & s->registration)
- pfkey_sendup(s->socket, packet, 1);
- }
- }
+ if (s->flags & PFKEYV2_SOCKETFLAGS_REGISTERED) {
+ if (!satype) /* Just send to everyone registered */
+ pfkey_sendup(s->socket, packet, 1);
+ else {
+ /* Check for specified satype */
+ if ((1 << satype) & s->registration)
+ pfkey_sendup(s->socket, packet, 1);
+ }
+ }
/* Free last/original copy of the packet */
m_freem(packet);
@@ -302,40 +291,39 @@ pfkeyv2_sendmessage(void **headers, int mode, struct socket *socket,
smsg->sadb_msg_version = PF_KEY_V2;
smsg->sadb_msg_type = SADB_X_PROMISC;
smsg->sadb_msg_len = (sizeof(struct sadb_msg) + j) /
- sizeof(uint64_t);
+ sizeof(uint64_t);
smsg->sadb_msg_seq = 0;
/* Convert to mbuf chain */
if ((rval = pfdatatopacket(buffer, sizeof(struct sadb_msg) + j,
- &packet)) != 0)
- goto ret;
+ &packet)) != 0)
+ goto ret;
/* Send to all registered promiscuous listeners */
for (s = pfkeyv2_sockets; s; s = s->next)
- if ((s->flags & PFKEYV2_SOCKETFLAGS_PROMISC) &&
- !(s->flags & PFKEYV2_SOCKETFLAGS_REGISTERED))
- pfkey_sendup(s->socket, packet, 1);
+ if ((s->flags & PFKEYV2_SOCKETFLAGS_PROMISC) &&
+ !(s->flags & PFKEYV2_SOCKETFLAGS_REGISTERED))
+ pfkey_sendup(s->socket, packet, 1);
m_freem(packet);
break;
- case PFKEYV2_SENDMESSAGE_BROADCAST:
+ case PFKEYV2_SENDMESSAGE_BROADCAST:
/* Send message to all sockets */
for (s = pfkeyv2_sockets; s; s = s->next)
- pfkey_sendup(s->socket, packet, 1);
+ pfkey_sendup(s->socket, packet, 1);
m_freem(packet);
break;
}
- ret:
- if (buffer != NULL)
- {
- bzero(buffer, j + sizeof(struct sadb_msg));
- free(buffer, M_PFKEY);
+ret:
+ if (buffer != NULL) {
+ bzero(buffer, j + sizeof(struct sadb_msg));
+ free(buffer, M_PFKEY);
}
- return rval;
+ return (rval);
}
/*
@@ -346,164 +334,156 @@ pfkeyv2_sendmessage(void **headers, int mode, struct socket *socket,
int
pfkeyv2_policy(struct ipsec_acquire *ipa, void **headers, void **buffer)
{
- union sockaddr_union sunion;
- struct sadb_protocol *sp;
- int rval, i, dir;
- void *p;
+ union sockaddr_union sunion;
+ struct sadb_protocol *sp;
+ int rval, i, dir;
+ void *p;
- /* Find out how big a buffer we need */
- i = 4 * sizeof(struct sadb_address) + sizeof(struct sadb_protocol);
- bzero(&sunion, sizeof(union sockaddr_union));
+ /* Find out how big a buffer we need */
+ i = 4 * sizeof(struct sadb_address) + sizeof(struct sadb_protocol);
+ bzero(&sunion, sizeof(union sockaddr_union));
- switch (ipa->ipa_info.sen_type)
- {
+ switch (ipa->ipa_info.sen_type) {
#ifdef INET
case SENT_IP4:
- i += 4 * PADUP(sizeof(struct sockaddr_in));
- sunion.sa.sa_family = AF_INET;
- sunion.sa.sa_len = sizeof(struct sockaddr_in);
- dir = ipa->ipa_info.sen_direction;
- break;
+ i += 4 * PADUP(sizeof(struct sockaddr_in));
+ sunion.sa.sa_family = AF_INET;
+ sunion.sa.sa_len = sizeof(struct sockaddr_in);
+ dir = ipa->ipa_info.sen_direction;
+ break;
#endif /* INET */
#ifdef INET6
case SENT_IP6:
- i += 4 * PADUP(sizeof(struct sockaddr_in6));
- sunion.sa.sa_family = AF_INET6;
- sunion.sa.sa_len = sizeof(struct sockaddr_in6);
- dir = ipa->ipa_info.sen_ip6_direction;
- break;
+ i += 4 * PADUP(sizeof(struct sockaddr_in6));
+ sunion.sa.sa_family = AF_INET6;
+ sunion.sa.sa_len = sizeof(struct sockaddr_in6);
+ dir = ipa->ipa_info.sen_ip6_direction;
+ break;
#endif /* INET6 */
default:
- return EINVAL;
- }
+ return (EINVAL);
+ }
- if (!(p = malloc(i, M_PFKEY, M_DONTWAIT)))
- {
- rval = ENOMEM;
- goto ret;
- }
- else
- {
- *buffer = p;
- bzero(p, i);
- }
+ if (!(p = malloc(i, M_PFKEY, M_DONTWAIT))) {
+ rval = ENOMEM;
+ goto ret;
+ } else {
+ *buffer = p;
+ bzero(p, i);
+ }
- if (dir == IPSP_DIRECTION_OUT)
- headers[SADB_X_EXT_SRC_FLOW] = p;
- else
- headers[SADB_X_EXT_DST_FLOW] = p;
- switch (sunion.sa.sa_family)
- {
+ if (dir == IPSP_DIRECTION_OUT)
+ headers[SADB_X_EXT_SRC_FLOW] = p;
+ else
+ headers[SADB_X_EXT_DST_FLOW] = p;
+ switch (sunion.sa.sa_family) {
#ifdef INET
case AF_INET:
- sunion.sin.sin_addr = ipa->ipa_info.sen_ip_src;
- sunion.sin.sin_port = ipa->ipa_info.sen_sport;
- break;
+ sunion.sin.sin_addr = ipa->ipa_info.sen_ip_src;
+ sunion.sin.sin_port = ipa->ipa_info.sen_sport;
+ break;
#endif /* INET */
#ifdef INET6
case AF_INET6:
- sunion.sin6.sin6_addr = ipa->ipa_info.sen_ip6_src;
- sunion.sin6.sin6_port = ipa->ipa_info.sen_ip6_sport;
- break;
+ sunion.sin6.sin6_addr = ipa->ipa_info.sen_ip6_src;
+ sunion.sin6.sin6_port = ipa->ipa_info.sen_ip6_sport;
+ break;
#endif /* INET6 */
- }
- export_address(&p, (struct sockaddr *) &sunion);
-
- if (dir == IPSP_DIRECTION_OUT)
- headers[SADB_X_EXT_SRC_MASK] = p;
- else
- headers[SADB_X_EXT_DST_MASK] = p;
- switch (sunion.sa.sa_family)
- {
+ }
+ export_address(&p, (struct sockaddr *) &sunion);
+
+ if (dir == IPSP_DIRECTION_OUT)
+ headers[SADB_X_EXT_SRC_MASK] = p;
+ else
+ headers[SADB_X_EXT_DST_MASK] = p;
+ switch (sunion.sa.sa_family) {
#ifdef INET
case AF_INET:
- sunion.sin.sin_addr = ipa->ipa_mask.sen_ip_src;
- sunion.sin.sin_port = ipa->ipa_mask.sen_sport;
- break;
+ sunion.sin.sin_addr = ipa->ipa_mask.sen_ip_src;
+ sunion.sin.sin_port = ipa->ipa_mask.sen_sport;
+ break;
#endif /* INET */
#ifdef INET6
case AF_INET6:
- sunion.sin6.sin6_addr = ipa->ipa_mask.sen_ip6_src;
- sunion.sin6.sin6_port = ipa->ipa_mask.sen_ip6_sport;
- break;
+ sunion.sin6.sin6_addr = ipa->ipa_mask.sen_ip6_src;
+ sunion.sin6.sin6_port = ipa->ipa_mask.sen_ip6_sport;
+ break;
#endif /* INET6 */
- }
- export_address(&p, (struct sockaddr *) &sunion);
-
- if (dir == IPSP_DIRECTION_OUT)
- headers[SADB_X_EXT_DST_FLOW] = p;
- else
- headers[SADB_X_EXT_SRC_FLOW] = p;
- switch (sunion.sa.sa_family)
- {
+ }
+ export_address(&p, (struct sockaddr *) &sunion);
+
+ if (dir == IPSP_DIRECTION_OUT)
+ headers[SADB_X_EXT_DST_FLOW] = p;
+ else
+ headers[SADB_X_EXT_SRC_FLOW] = p;
+ switch (sunion.sa.sa_family) {
#ifdef INET
case AF_INET:
- sunion.sin.sin_addr = ipa->ipa_info.sen_ip_dst;
- sunion.sin.sin_port = ipa->ipa_info.sen_dport;
- break;
+ sunion.sin.sin_addr = ipa->ipa_info.sen_ip_dst;
+ sunion.sin.sin_port = ipa->ipa_info.sen_dport;
+ break;
#endif /* INET */
#ifdef INET6
case AF_INET6:
- sunion.sin6.sin6_addr = ipa->ipa_info.sen_ip6_dst;
- sunion.sin6.sin6_port = ipa->ipa_info.sen_ip6_dport;
- break;
+ sunion.sin6.sin6_addr = ipa->ipa_info.sen_ip6_dst;
+ sunion.sin6.sin6_port = ipa->ipa_info.sen_ip6_dport;
+ break;
#endif /* INET6 */
- }
- export_address(&p, (struct sockaddr *) &sunion);
-
- if (dir == IPSP_DIRECTION_OUT)
- headers[SADB_X_EXT_DST_MASK] = p;
- else
- headers[SADB_X_EXT_SRC_MASK] = p;
- switch (sunion.sa.sa_family)
- {
+ }
+ export_address(&p, (struct sockaddr *) &sunion);
+
+ if (dir == IPSP_DIRECTION_OUT)
+ headers[SADB_X_EXT_DST_MASK] = p;
+ else
+ headers[SADB_X_EXT_SRC_MASK] = p;
+ switch (sunion.sa.sa_family) {
#ifdef INET
case AF_INET:
- sunion.sin.sin_addr = ipa->ipa_mask.sen_ip_dst;
- sunion.sin.sin_port = ipa->ipa_mask.sen_dport;
- break;
+ sunion.sin.sin_addr = ipa->ipa_mask.sen_ip_dst;
+ sunion.sin.sin_port = ipa->ipa_mask.sen_dport;
+ break;
#endif /* INET */
#ifdef INET6
case AF_INET6:
- sunion.sin6.sin6_addr = ipa->ipa_mask.sen_ip6_dst;
- sunion.sin6.sin6_port = ipa->ipa_mask.sen_ip6_dport;
- break;
+ sunion.sin6.sin6_addr = ipa->ipa_mask.sen_ip6_dst;
+ sunion.sin6.sin6_port = ipa->ipa_mask.sen_ip6_dport;
+ break;
#endif /* INET6 */
- }
- export_address(&p, (struct sockaddr *) &sunion);
+ }
+ export_address(&p, (struct sockaddr *) &sunion);
- headers[SADB_X_EXT_FLOW_TYPE] = p;
- sp = p;
- sp->sadb_protocol_len = sizeof(struct sadb_protocol) / sizeof(u_int64_t);
- switch (sunion.sa.sa_family)
- {
+ headers[SADB_X_EXT_FLOW_TYPE] = p;
+ sp = p;
+ sp->sadb_protocol_len = sizeof(struct sadb_protocol) /
+ sizeof(u_int64_t);
+ switch (sunion.sa.sa_family) {
#ifdef INET
case AF_INET:
- if (ipa->ipa_mask.sen_proto)
- sp->sadb_protocol_proto = ipa->ipa_info.sen_proto;
- sp->sadb_protocol_direction = ipa->ipa_info.sen_direction;
- break;
+ if (ipa->ipa_mask.sen_proto)
+ sp->sadb_protocol_proto = ipa->ipa_info.sen_proto;
+ sp->sadb_protocol_direction = ipa->ipa_info.sen_direction;
+ break;
#endif /* INET */
#ifdef INET6
case AF_INET6:
- if (ipa->ipa_mask.sen_ip6_proto)
- sp->sadb_protocol_proto = ipa->ipa_info.sen_ip6_proto;
- sp->sadb_protocol_direction = ipa->ipa_info.sen_ip6_direction;
- break;
+ if (ipa->ipa_mask.sen_ip6_proto)
+ sp->sadb_protocol_proto = ipa->ipa_info.sen_ip6_proto;
+ sp->sadb_protocol_direction = ipa->ipa_info.sen_ip6_direction;
+ break;
#endif /* INET6 */
- }
+ }
- rval = 0;
+ rval = 0;
- ret:
- return rval;
+ret:
+ return (rval);
}
/*
@@ -512,159 +492,145 @@ pfkeyv2_policy(struct ipsec_acquire *ipa, void **headers, void **buffer)
int
pfkeyv2_get(struct tdb *sa, void **headers, void **buffer)
{
- int rval, i;
- void *p;
+ int rval, i;
+ void *p;
- /* Find how much space we need */
- i = sizeof(struct sadb_sa) + sizeof(struct sadb_lifetime);
+ /* Find how much space we need */
+ i = sizeof(struct sadb_sa) + sizeof(struct sadb_lifetime);
- if (sa->tdb_soft_allocations || sa->tdb_soft_bytes ||
- sa->tdb_soft_timeout || sa->tdb_soft_first_use)
- i += sizeof(struct sadb_lifetime);
+ if (sa->tdb_soft_allocations || sa->tdb_soft_bytes ||
+ sa->tdb_soft_timeout || sa->tdb_soft_first_use)
+ i += sizeof(struct sadb_lifetime);
- if (sa->tdb_exp_allocations || sa->tdb_exp_bytes ||
- sa->tdb_exp_timeout || sa->tdb_exp_first_use)
- i += sizeof(struct sadb_lifetime);
+ if (sa->tdb_exp_allocations || sa->tdb_exp_bytes ||
+ sa->tdb_exp_timeout || sa->tdb_exp_first_use)
+ i += sizeof(struct sadb_lifetime);
- if (sa->tdb_src.sa.sa_family)
- i += sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_src.sa));
+ if (sa->tdb_src.sa.sa_family)
+ i += sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_src.sa));
- if (sa->tdb_dst.sa.sa_family)
- i += sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_dst.sa));
+ if (sa->tdb_dst.sa.sa_family)
+ i += sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_dst.sa));
- if (sa->tdb_proxy.sa.sa_family)
- i += sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_proxy.sa));
+ if (sa->tdb_proxy.sa.sa_family)
+ i += sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_proxy.sa));
- if (sa->tdb_srcid)
- i += PADUP(sa->tdb_srcid->ref_len) + sizeof(struct sadb_ident);
+ if (sa->tdb_srcid)
+ i += PADUP(sa->tdb_srcid->ref_len) + sizeof(struct sadb_ident);
- if (sa->tdb_dstid)
- i += PADUP(sa->tdb_dstid->ref_len) + sizeof(struct sadb_ident);
+ if (sa->tdb_dstid)
+ i += PADUP(sa->tdb_dstid->ref_len) + sizeof(struct sadb_ident);
- if (sa->tdb_local_cred)
- i += PADUP(sa->tdb_local_cred->ref_len) + sizeof(struct sadb_x_cred);
+ if (sa->tdb_local_cred)
+ i += PADUP(sa->tdb_local_cred->ref_len) + sizeof(struct sadb_x_cred);
- if (sa->tdb_remote_cred)
- i += PADUP(sa->tdb_remote_cred->ref_len) + sizeof(struct sadb_x_cred);
+ if (sa->tdb_remote_cred)
+ i += PADUP(sa->tdb_remote_cred->ref_len) + sizeof(struct sadb_x_cred);
- if (sa->tdb_local_auth)
- i += PADUP(sa->tdb_local_auth->ref_len) + sizeof(struct sadb_x_cred);
+ if (sa->tdb_local_auth)
+ i += PADUP(sa->tdb_local_auth->ref_len) + sizeof(struct sadb_x_cred);
- if (sa->tdb_remote_auth)
- i += PADUP(sa->tdb_remote_auth->ref_len) + sizeof(struct sadb_x_cred);
+ if (sa->tdb_remote_auth)
+ i += PADUP(sa->tdb_remote_auth->ref_len) + sizeof(struct sadb_x_cred);
- if (sa->tdb_amxkey)
- i+= PADUP(sa->tdb_amxkeylen) + sizeof(struct sadb_key);
+ if (sa->tdb_amxkey)
+ i+= PADUP(sa->tdb_amxkeylen) + sizeof(struct sadb_key);
- if (sa->tdb_emxkey)
- i+= PADUP(sa->tdb_emxkeylen) + sizeof(struct sadb_key);
+ if (sa->tdb_emxkey)
+ i+= PADUP(sa->tdb_emxkeylen) + sizeof(struct sadb_key);
- if (!(p = malloc(i, M_PFKEY, M_DONTWAIT)))
- {
- rval = ENOMEM;
- goto ret;
- }
- else
- {
- *buffer = p;
- bzero(p, i);
- }
+ if (!(p = malloc(i, M_PFKEY, M_DONTWAIT))) {
+ rval = ENOMEM;
+ goto ret;
+ } else {
+ *buffer = p;
+ bzero(p, i);
+ }
- headers[SADB_EXT_SA] = p;
+ headers[SADB_EXT_SA] = p;
- export_sa(&p, sa); /* Export SA information (mostly flags) */
+ export_sa(&p, sa); /* Export SA information (mostly flags) */
- /* Export lifetimes where applicable */
- headers[SADB_EXT_LIFETIME_CURRENT] = p;
- export_lifetime(&p, sa, PFKEYV2_LIFETIME_CURRENT);
+ /* Export lifetimes where applicable */
+ headers[SADB_EXT_LIFETIME_CURRENT] = p;
+ export_lifetime(&p, sa, PFKEYV2_LIFETIME_CURRENT);
- if (sa->tdb_soft_allocations || sa->tdb_soft_bytes ||
- sa->tdb_soft_first_use || sa->tdb_soft_timeout)
- {
- headers[SADB_EXT_LIFETIME_SOFT] = p;
- export_lifetime(&p, sa, PFKEYV2_LIFETIME_SOFT);
- }
+ if (sa->tdb_soft_allocations || sa->tdb_soft_bytes ||
+ sa->tdb_soft_first_use || sa->tdb_soft_timeout) {
+ headers[SADB_EXT_LIFETIME_SOFT] = p;
+ export_lifetime(&p, sa, PFKEYV2_LIFETIME_SOFT);
+ }
- if (sa->tdb_exp_allocations || sa->tdb_exp_bytes ||
- sa->tdb_exp_first_use || sa->tdb_exp_timeout)
- {
- headers[SADB_EXT_LIFETIME_HARD] = p;
- export_lifetime(&p, sa, PFKEYV2_LIFETIME_HARD);
- }
+ if (sa->tdb_exp_allocations || sa->tdb_exp_bytes ||
+ sa->tdb_exp_first_use || sa->tdb_exp_timeout) {
+ headers[SADB_EXT_LIFETIME_HARD] = p;
+ export_lifetime(&p, sa, PFKEYV2_LIFETIME_HARD);
+ }
- /* Export TDB source address */
- headers[SADB_EXT_ADDRESS_SRC] = p;
- export_address(&p, (struct sockaddr *) &sa->tdb_src);
+ /* Export TDB source address */
+ headers[SADB_EXT_ADDRESS_SRC] = p;
+ export_address(&p, (struct sockaddr *) &sa->tdb_src);
- /* Export TDB destination address */
- headers[SADB_EXT_ADDRESS_DST] = p;
- export_address(&p, (struct sockaddr *) &sa->tdb_dst);
+ /* Export TDB destination address */
+ headers[SADB_EXT_ADDRESS_DST] = p;
+ export_address(&p, (struct sockaddr *) &sa->tdb_dst);
- /* Export TDB proxy address, if present */
- if (SA_LEN(&sa->tdb_proxy.sa))
- {
- headers[SADB_EXT_ADDRESS_PROXY] = p;
- export_address(&p, (struct sockaddr *) &sa->tdb_proxy);
- }
+ /* Export TDB proxy address, if present */
+ if (SA_LEN(&sa->tdb_proxy.sa)) {
+ headers[SADB_EXT_ADDRESS_PROXY] = p;
+ export_address(&p, (struct sockaddr *) &sa->tdb_proxy);
+ }
- /* Export source identity, if present */
- if (sa->tdb_srcid)
- {
- headers[SADB_EXT_IDENTITY_SRC] = p;
- export_identity(&p, sa, PFKEYV2_IDENTITY_SRC);
- }
+ /* Export source identity, if present */
+ if (sa->tdb_srcid) {
+ headers[SADB_EXT_IDENTITY_SRC] = p;
+ export_identity(&p, sa, PFKEYV2_IDENTITY_SRC);
+ }
- /* Export destination identity, if present */
- if (sa->tdb_dstid)
- {
- headers[SADB_EXT_IDENTITY_DST] = p;
- export_identity(&p, sa, PFKEYV2_IDENTITY_DST);
- }
+ /* Export destination identity, if present */
+ if (sa->tdb_dstid) {
+ headers[SADB_EXT_IDENTITY_DST] = p;
+ export_identity(&p, sa, PFKEYV2_IDENTITY_DST);
+ }
- /* Export credentials, if present */
- if (sa->tdb_local_cred)
- {
- headers[SADB_X_EXT_LOCAL_CREDENTIALS] = p;
- export_credentials(&p, sa, PFKEYV2_CRED_LOCAL);
- }
+ /* Export credentials, if present */
+ if (sa->tdb_local_cred) {
+ headers[SADB_X_EXT_LOCAL_CREDENTIALS] = p;
+ export_credentials(&p, sa, PFKEYV2_CRED_LOCAL);
+ }
- if (sa->tdb_remote_cred)
- {
- headers[SADB_X_EXT_REMOTE_CREDENTIALS] = p;
- export_credentials(&p, sa, PFKEYV2_CRED_REMOTE);
- }
+ if (sa->tdb_remote_cred) {
+ headers[SADB_X_EXT_REMOTE_CREDENTIALS] = p;
+ export_credentials(&p, sa, PFKEYV2_CRED_REMOTE);
+ }
- /* Export authentication information, if present */
- if (sa->tdb_local_auth)
- {
- headers[SADB_X_EXT_LOCAL_AUTH] = p;
- export_auth(&p, sa, PFKEYV2_AUTH_LOCAL);
- }
+ /* Export authentication information, if present */
+ if (sa->tdb_local_auth) {
+ headers[SADB_X_EXT_LOCAL_AUTH] = p;
+ export_auth(&p, sa, PFKEYV2_AUTH_LOCAL);
+ }
- if (sa->tdb_remote_auth)
- {
- headers[SADB_X_EXT_REMOTE_AUTH] = p;
- export_auth(&p, sa, PFKEYV2_AUTH_REMOTE);
- }
+ if (sa->tdb_remote_auth) {
+ headers[SADB_X_EXT_REMOTE_AUTH] = p;
+ export_auth(&p, sa, PFKEYV2_AUTH_REMOTE);
+ }
- /* Export authentication key, if present */
- if (sa->tdb_amxkey)
- {
- headers[SADB_EXT_KEY_AUTH] = p;
- export_key(&p, sa, PFKEYV2_AUTHENTICATION_KEY);
- }
+ /* Export authentication key, if present */
+ if (sa->tdb_amxkey) {
+ headers[SADB_EXT_KEY_AUTH] = p;
+ export_key(&p, sa, PFKEYV2_AUTHENTICATION_KEY);
+ }
- /* Export encryption key, if present */
- if (sa->tdb_emxkey)
- {
- headers[SADB_EXT_KEY_ENCRYPT] = p;
- export_key(&p, sa, PFKEYV2_ENCRYPTION_KEY);
- }
+ /* Export encryption key, if present */
+ if (sa->tdb_emxkey) {
+ headers[SADB_EXT_KEY_ENCRYPT] = p;
+ export_key(&p, sa, PFKEYV2_ENCRYPTION_KEY);
+ }
- rval = 0;
+ rval = 0;
ret:
- return rval;
+ return (rval);
}
/*
@@ -673,34 +639,33 @@ pfkeyv2_get(struct tdb *sa, void **headers, void **buffer)
int
pfkeyv2_dump_walker(struct tdb *sa, void *state, int last)
{
- struct dump_state *dump_state = (struct dump_state *) state;
- void *headers[SADB_EXT_MAX+1], *buffer;
- int rval;
-
- /* If not satype was specified, dump all TDBs */
- if (!dump_state->sadb_msg->sadb_msg_satype ||
- (sa->tdb_satype == dump_state->sadb_msg->sadb_msg_satype))
- {
- bzero(headers, sizeof(headers));
- headers[0] = (void *) dump_state->sadb_msg;
+ struct dump_state *dump_state = (struct dump_state *) state;
+ void *headers[SADB_EXT_MAX+1], *buffer;
+ int rval;
- /* Get the information from the TDB to a PFKEYv2 message */
- if ((rval = pfkeyv2_get(sa, headers, &buffer)) != 0)
- return rval;
+ /* If not satype was specified, dump all TDBs */
+ if (!dump_state->sadb_msg->sadb_msg_satype ||
+ (sa->tdb_satype == dump_state->sadb_msg->sadb_msg_satype)) {
+ bzero(headers, sizeof(headers));
+ headers[0] = (void *) dump_state->sadb_msg;
- if (last)
- ((struct sadb_msg *)headers[0])->sadb_msg_seq = 0;
+ /* Get the information from the TDB to a PFKEYv2 message */
+ if ((rval = pfkeyv2_get(sa, headers, &buffer)) != 0)
+ return (rval);
- /* Send the message to the specified socket */
- rval = pfkeyv2_sendmessage(headers, PFKEYV2_SENDMESSAGE_UNICAST,
- dump_state->socket, 0, 0);
+ if (last)
+ ((struct sadb_msg *)headers[0])->sadb_msg_seq = 0;
- free(buffer, M_PFKEY);
- if (rval)
- return rval;
- }
+ /* Send the message to the specified socket */
+ rval = pfkeyv2_sendmessage(headers,
+ PFKEYV2_SENDMESSAGE_UNICAST, dump_state->socket, 0, 0);
+
+ free(buffer, M_PFKEY);
+ if (rval)
+ return (rval);
+ }
- return 0;
+ return (0);
}
/*
@@ -709,11 +674,10 @@ pfkeyv2_dump_walker(struct tdb *sa, void *state, int last)
int
pfkeyv2_flush_walker(struct tdb *sa, void *satype_vp, int last)
{
- if (!(*((u_int8_t *) satype_vp)) ||
- sa->tdb_satype == *((u_int8_t *) satype_vp))
- tdb_delete(sa);
-
- return 0;
+ if (!(*((u_int8_t *) satype_vp)) ||
+ sa->tdb_satype == *((u_int8_t *) satype_vp))
+ tdb_delete(sa);
+ return (0);
}
/*
@@ -724,64 +688,63 @@ pfkeyv2_flush_walker(struct tdb *sa, void *satype_vp, int last)
int
pfkeyv2_get_proto_alg(u_int8_t satype, u_int8_t *sproto, int *alg)
{
- switch (satype)
- {
+ switch (satype) {
case SADB_SATYPE_AH:
- if (!ah_enable)
- return EOPNOTSUPP;
+ if (!ah_enable)
+ return (EOPNOTSUPP);
- *sproto = IPPROTO_AH;
+ *sproto = IPPROTO_AH;
- if(alg != NULL)
- *alg = satype = XF_AH;
+ if(alg != NULL)
+ *alg = satype = XF_AH;
- break;
+ break;
case SADB_SATYPE_ESP:
- if (!esp_enable)
- return EOPNOTSUPP;
+ if (!esp_enable)
+ return (EOPNOTSUPP);
- *sproto = IPPROTO_ESP;
+ *sproto = IPPROTO_ESP;
- if(alg != NULL)
- *alg = satype = XF_ESP;
+ if(alg != NULL)
+ *alg = satype = XF_ESP;
- break;
+ break;
case SADB_X_SATYPE_IPIP:
- *sproto = IPPROTO_IPIP;
+ *sproto = IPPROTO_IPIP;
- if (alg != NULL)
- *alg = XF_IP4;
+ if (alg != NULL)
+ *alg = XF_IP4;
- break;
+ break;
case SADB_X_SATYPE_IPCOMP:
- if (!ipcomp_enable)
- return EOPNOTSUPP;
+ if (!ipcomp_enable)
+ return (EOPNOTSUPP);
- *sproto = IPPROTO_IPCOMP;
+ *sproto = IPPROTO_IPCOMP;
- if(alg != NULL)
- *alg = satype = XF_IPCOMP;
+ if(alg != NULL)
+ *alg = satype = XF_IPCOMP;
- break;
+ break;
#ifdef TCP_SIGNATURE
case SADB_X_SATYPE_TCPSIGNATURE:
- *sproto = IPPROTO_TCP;
+ *sproto = IPPROTO_TCP;
- if (alg != NULL)
- *alg = XF_TCPSIGNATURE;
+ if (alg != NULL)
+ *alg = XF_TCPSIGNATURE;
- break;
+ break;
#endif /* TCP_SIGNATURE */
default: /* Nothing else supported */
- return EOPNOTSUPP;
- }
+ return (EOPNOTSUPP);
+ }
- return 0;
+ return (0);
}
/*
@@ -790,553 +753,534 @@ pfkeyv2_get_proto_alg(u_int8_t satype, u_int8_t *sproto, int *alg)
int
pfkeyv2_send(struct socket *socket, void *message, int len)
{
- int i, j, rval = 0, mode = PFKEYV2_SENDMESSAGE_BROADCAST, delflag = 0, s;
- struct sockaddr_encap encapdst, encapnetmask, encapgw;
- struct ipsec_policy *ipo, *tmpipo;
- struct ipsec_acquire *ipa;
-
- struct pfkeyv2_socket *pfkeyv2_socket, *so = NULL;
+ int i, j, rval = 0, mode = PFKEYV2_SENDMESSAGE_BROADCAST;
+ int delflag = 0, s;
+ struct sockaddr_encap encapdst, encapnetmask, encapgw;
+ struct ipsec_policy *ipo, *tmpipo;
+ struct ipsec_acquire *ipa;
- void *freeme = NULL, *bckptr = NULL;
- void *headers[SADB_EXT_MAX + 1];
+ struct pfkeyv2_socket *pfkeyv2_socket, *so = NULL;
- union sockaddr_union *sunionp;
+ void *freeme = NULL, *bckptr = NULL;
+ void *headers[SADB_EXT_MAX + 1];
- struct tdb sa, *sa2 = NULL;
+ union sockaddr_union *sunionp;
- struct sadb_msg *smsg;
- struct sadb_spirange *sprng;
- struct sadb_sa *ssa;
- struct sadb_supported *ssup;
- struct sadb_ident *sid;
+ struct tdb sa, *sa2 = NULL;
- /* Verify that we received this over a legitimate pfkeyv2 socket */
- bzero(headers, sizeof(headers));
+ struct sadb_msg *smsg;
+ struct sadb_spirange *sprng;
+ struct sadb_sa *ssa;
+ struct sadb_supported *ssup;
+ struct sadb_ident *sid;
- for (pfkeyv2_socket = pfkeyv2_sockets;
- pfkeyv2_socket;
- pfkeyv2_socket = pfkeyv2_socket->next)
- if (pfkeyv2_socket->socket == socket)
- break;
-
- if (!pfkeyv2_socket)
- {
- rval = EINVAL;
- goto ret;
- }
+ /* Verify that we received this over a legitimate pfkeyv2 socket */
+ bzero(headers, sizeof(headers));
- /* If we have any promiscuous listeners, send them a copy of the message */
- if (npromisc)
- {
- struct mbuf *packet;
+ for (pfkeyv2_socket = pfkeyv2_sockets; pfkeyv2_socket;
+ pfkeyv2_socket = pfkeyv2_socket->next)
+ if (pfkeyv2_socket->socket == socket)
+ break;
- if (!(freeme = malloc(sizeof(struct sadb_msg) + len, M_PFKEY,
- M_DONTWAIT)))
- {
- rval = ENOMEM;
- goto ret;
+ if (!pfkeyv2_socket) {
+ rval = EINVAL;
+ goto ret;
}
- /* Initialize encapsulating header */
- bzero(freeme, sizeof(struct sadb_msg));
- smsg = (struct sadb_msg *) freeme;
- smsg->sadb_msg_version = PF_KEY_V2;
- smsg->sadb_msg_type = SADB_X_PROMISC;
- smsg->sadb_msg_len = (sizeof(struct sadb_msg) + len) /
- sizeof(uint64_t);
- smsg->sadb_msg_seq = curproc->p_pid;
-
- bcopy(message, freeme + sizeof(struct sadb_msg), len);
-
- /* Convert to mbuf chain */
- if ((rval = pfdatatopacket(freeme, sizeof(struct sadb_msg) + len,
- &packet)) != 0)
- goto ret;
-
- /* Send to all promiscuous listeners */
- for (so = pfkeyv2_sockets; so; so = so->next)
- if (so->flags & PFKEYV2_SOCKETFLAGS_PROMISC)
- pfkey_sendup(so->socket, packet, 1);
-
- /* Paranoid */
- m_zero(packet);
- m_freem(packet);
-
- /* Even more paranoid */
- bzero(freeme, sizeof(struct sadb_msg) + len);
- free(freeme, M_PFKEY);
- freeme = NULL;
- }
-
- /* Validate message format */
- if ((rval = pfkeyv2_parsemessage(message, len, headers)) != 0)
- goto ret;
+ /* If we have any promiscuous listeners, send them a copy of the message */
+ if (npromisc) {
+ struct mbuf *packet;
- smsg = (struct sadb_msg *) headers[0];
- switch(smsg->sadb_msg_type)
- {
- case SADB_GETSPI: /* Reserve an SPI */
- bzero(&sa, sizeof(struct tdb));
-
- sa.tdb_satype = smsg->sadb_msg_satype;
- if ((rval = pfkeyv2_get_proto_alg(sa.tdb_satype,
- &sa.tdb_sproto, 0)))
- goto ret;
-
- import_address((struct sockaddr *) &sa.tdb_src,
- headers[SADB_EXT_ADDRESS_SRC]);
- import_address((struct sockaddr *) &sa.tdb_dst,
- headers[SADB_EXT_ADDRESS_DST]);
-
- /* Find an unused SA identifier */
- sprng = (struct sadb_spirange *) headers[SADB_EXT_SPIRANGE];
- sa.tdb_spi = reserve_spi(sprng->sadb_spirange_min,
- sprng->sadb_spirange_max,
- &sa.tdb_src, &sa.tdb_dst,
- sa.tdb_sproto, &rval);
- if (sa.tdb_spi == 0)
- goto ret;
-
- /* Send a message back telling what the SA (the SPI really) is */
- if (!(freeme = malloc(sizeof(struct sadb_sa), M_PFKEY,
- M_DONTWAIT)))
- {
- rval = ENOMEM;
- goto ret;
- }
+ if (!(freeme = malloc(sizeof(struct sadb_msg) + len, M_PFKEY,
+ M_DONTWAIT))) {
+ rval = ENOMEM;
+ goto ret;
+ }
- bzero(freeme, sizeof(struct sadb_sa));
- headers[SADB_EXT_SPIRANGE] = NULL;
- headers[SADB_EXT_SA] = freeme;
- bckptr = freeme;
+ /* Initialize encapsulating header */
+ bzero(freeme, sizeof(struct sadb_msg));
+ smsg = (struct sadb_msg *) freeme;
+ smsg->sadb_msg_version = PF_KEY_V2;
+ smsg->sadb_msg_type = SADB_X_PROMISC;
+ smsg->sadb_msg_len = (sizeof(struct sadb_msg) + len) /
+ sizeof(uint64_t);
+ smsg->sadb_msg_seq = curproc->p_pid;
- /* We really only care about the SPI, but we'll export the SA */
- export_sa((void **) &bckptr, &sa);
- break;
+ bcopy(message, freeme + sizeof(struct sadb_msg), len);
- case SADB_UPDATE:
- ssa = (struct sadb_sa *) headers[SADB_EXT_SA];
- sunionp = (union sockaddr_union *) (headers[SADB_EXT_ADDRESS_DST] +
- sizeof(struct sadb_address));
-
- /* Either all or none of the flow must be included */
- if ((headers[SADB_X_EXT_SRC_FLOW] ||
- headers[SADB_X_EXT_PROTOCOL] ||
- headers[SADB_X_EXT_FLOW_TYPE] ||
- headers[SADB_X_EXT_DST_FLOW] ||
- headers[SADB_X_EXT_SRC_MASK] ||
- headers[SADB_X_EXT_DST_MASK]) &&
- !(headers[SADB_X_EXT_SRC_FLOW] &&
- headers[SADB_X_EXT_PROTOCOL] &&
- headers[SADB_X_EXT_FLOW_TYPE] &&
- headers[SADB_X_EXT_DST_FLOW] &&
- headers[SADB_X_EXT_SRC_MASK] &&
- headers[SADB_X_EXT_DST_MASK]))
- {
- rval = EINVAL;
- goto ret;
- }
+ /* Convert to mbuf chain */
+ if ((rval = pfdatatopacket(freeme,
+ sizeof(struct sadb_msg) + len, &packet)) != 0)
+ goto ret;
- s = spltdb();
+ /* Send to all promiscuous listeners */
+ for (so = pfkeyv2_sockets; so; so = so->next)
+ if (so->flags & PFKEYV2_SOCKETFLAGS_PROMISC)
+ pfkey_sendup(so->socket, packet, 1);
- /* Find TDB */
- sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_X_GETSPROTO(smsg->sadb_msg_satype));
+ /* Paranoid */
+ m_zero(packet);
+ m_freem(packet);
- /* If there's no such SA, we're done */
- if (sa2 == NULL)
- {
- rval = ESRCH;
- goto splxret;
- }
+ /* Even more paranoid */
+ bzero(freeme, sizeof(struct sadb_msg) + len);
+ free(freeme, M_PFKEY);
+ freeme = NULL;
+ }
- /* If this is a reserved SA */
- if (sa2->tdb_flags & TDBF_INVALID)
- {
- struct tdb *newsa;
- struct ipsecinit ii;
- int alg;
+ /* Validate message format */
+ if ((rval = pfkeyv2_parsemessage(message, len, headers)) != 0)
+ goto ret;
- /* Create new TDB */
- freeme = tdb_alloc();
- bzero(&ii, sizeof(struct ipsecinit));
-
- newsa = (struct tdb *) freeme;
- newsa->tdb_satype = smsg->sadb_msg_satype;
-
- if ((rval = pfkeyv2_get_proto_alg(newsa->tdb_satype,
- &newsa->tdb_sproto, &alg)))
- goto splxret;
-
- /* Initialize SA */
- import_sa(newsa, headers[SADB_EXT_SA], &ii);
- import_address((struct sockaddr *) &newsa->tdb_src,
- headers[SADB_EXT_ADDRESS_SRC]);
- import_address((struct sockaddr *) &newsa->tdb_dst,
- headers[SADB_EXT_ADDRESS_DST]);
- import_address((struct sockaddr *) &newsa->tdb_proxy,
- headers[SADB_EXT_ADDRESS_PROXY]);
- import_lifetime(newsa, headers[SADB_EXT_LIFETIME_CURRENT],
- PFKEYV2_LIFETIME_CURRENT);
- import_lifetime(newsa, headers[SADB_EXT_LIFETIME_SOFT],
- PFKEYV2_LIFETIME_SOFT);
- import_lifetime(newsa, headers[SADB_EXT_LIFETIME_HARD],
- PFKEYV2_LIFETIME_HARD);
- import_key(&ii, headers[SADB_EXT_KEY_AUTH],
- PFKEYV2_AUTHENTICATION_KEY);
- import_key(&ii, headers[SADB_EXT_KEY_ENCRYPT],
- PFKEYV2_ENCRYPTION_KEY);
- import_identity(newsa, headers[SADB_EXT_IDENTITY_SRC],
- PFKEYV2_IDENTITY_SRC);
- import_identity(newsa, headers[SADB_EXT_IDENTITY_DST],
- PFKEYV2_IDENTITY_DST);
- import_credentials(newsa,
- headers[SADB_X_EXT_LOCAL_CREDENTIALS],
- PFKEYV2_CRED_LOCAL);
- import_credentials(newsa,
- headers[SADB_X_EXT_REMOTE_CREDENTIALS],
- PFKEYV2_CRED_REMOTE);
- import_auth(newsa, headers[SADB_X_EXT_LOCAL_AUTH],
- PFKEYV2_AUTH_LOCAL);
- import_auth(newsa, headers[SADB_X_EXT_REMOTE_AUTH],
- PFKEYV2_AUTH_REMOTE);
- import_flow(&newsa->tdb_filter, &newsa->tdb_filtermask,
- headers[SADB_X_EXT_SRC_FLOW], headers[SADB_X_EXT_SRC_MASK],
- headers[SADB_X_EXT_DST_FLOW], headers[SADB_X_EXT_DST_MASK],
- headers[SADB_X_EXT_PROTOCOL],
- headers[SADB_X_EXT_FLOW_TYPE]);
+ smsg = (struct sadb_msg *) headers[0];
+ switch(smsg->sadb_msg_type) {
+ case SADB_GETSPI: /* Reserve an SPI */
+ bzero(&sa, sizeof(struct tdb));
+
+ sa.tdb_satype = smsg->sadb_msg_satype;
+ if ((rval = pfkeyv2_get_proto_alg(sa.tdb_satype,
+ &sa.tdb_sproto, 0)))
+ goto ret;
+
+ import_address((struct sockaddr *) &sa.tdb_src,
+ headers[SADB_EXT_ADDRESS_SRC]);
+ import_address((struct sockaddr *) &sa.tdb_dst,
+ headers[SADB_EXT_ADDRESS_DST]);
+
+ /* Find an unused SA identifier */
+ sprng = (struct sadb_spirange *) headers[SADB_EXT_SPIRANGE];
+ sa.tdb_spi = reserve_spi(sprng->sadb_spirange_min,
+ sprng->sadb_spirange_max, &sa.tdb_src, &sa.tdb_dst,
+ sa.tdb_sproto, &rval);
+ if (sa.tdb_spi == 0)
+ goto ret;
+
+ /* Send a message back telling what the SA (the SPI really) is */
+ if (!(freeme = malloc(sizeof(struct sadb_sa), M_PFKEY,
+ M_DONTWAIT))) {
+ rval = ENOMEM;
+ goto ret;
+ }
- headers[SADB_EXT_KEY_AUTH] = NULL;
- headers[SADB_EXT_KEY_ENCRYPT] = NULL;
- headers[SADB_X_EXT_LOCAL_AUTH] = NULL;
+ bzero(freeme, sizeof(struct sadb_sa));
+ headers[SADB_EXT_SPIRANGE] = NULL;
+ headers[SADB_EXT_SA] = freeme;
+ bckptr = freeme;
- newsa->tdb_seq = smsg->sadb_msg_seq;
+ /* We really only care about the SPI, but we'll export the SA */
+ export_sa((void **) &bckptr, &sa);
+ break;
- rval = tdb_init(newsa, alg, &ii);
- if (rval)
- {
- rval = EINVAL;
- tdb_delete(freeme);
- freeme = NULL;
- goto splxret;
+ case SADB_UPDATE:
+ ssa = (struct sadb_sa *) headers[SADB_EXT_SA];
+ sunionp = (union sockaddr_union *) (headers[SADB_EXT_ADDRESS_DST] +
+ sizeof(struct sadb_address));
+
+ /* Either all or none of the flow must be included */
+ if ((headers[SADB_X_EXT_SRC_FLOW] ||
+ headers[SADB_X_EXT_PROTOCOL] ||
+ headers[SADB_X_EXT_FLOW_TYPE] ||
+ headers[SADB_X_EXT_DST_FLOW] ||
+ headers[SADB_X_EXT_SRC_MASK] ||
+ headers[SADB_X_EXT_DST_MASK]) &&
+ !(headers[SADB_X_EXT_SRC_FLOW] &&
+ headers[SADB_X_EXT_PROTOCOL] &&
+ headers[SADB_X_EXT_FLOW_TYPE] &&
+ headers[SADB_X_EXT_DST_FLOW] &&
+ headers[SADB_X_EXT_SRC_MASK] &&
+ headers[SADB_X_EXT_DST_MASK])) {
+ rval = EINVAL;
+ goto ret;
}
- newsa->tdb_cur_allocations = sa2->tdb_cur_allocations;
+ s = spltdb();
- /* Delete old version of the SA, insert new one */
- tdb_delete(sa2);
- puttdb((struct tdb *) freeme);
- sa2 = freeme = NULL;
- }
- else
- {
- /*
- * The SA is already initialized, so we're only allowed to
- * change lifetimes and some other information; we're
- * not allowed to change keys, addresses or identities.
- */
- if (headers[SADB_EXT_ADDRESS_PROXY] ||
- headers[SADB_EXT_KEY_AUTH] ||
- headers[SADB_EXT_KEY_ENCRYPT] ||
- headers[SADB_EXT_IDENTITY_SRC] ||
- headers[SADB_EXT_IDENTITY_DST] ||
- headers[SADB_EXT_SENSITIVITY])
- {
- rval = EINVAL;
- goto splxret;
+ /* Find TDB */
+ sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
+ SADB_X_GETSPROTO(smsg->sadb_msg_satype));
+
+ /* If there's no such SA, we're done */
+ if (sa2 == NULL) {
+ rval = ESRCH;
+ goto splxret;
}
- import_sa(sa2, headers[SADB_EXT_SA], NULL);
- import_lifetime(sa2, headers[SADB_EXT_LIFETIME_CURRENT],
- PFKEYV2_LIFETIME_CURRENT);
- import_lifetime(sa2, headers[SADB_EXT_LIFETIME_SOFT],
- PFKEYV2_LIFETIME_SOFT);
- import_lifetime(sa2, headers[SADB_EXT_LIFETIME_HARD],
- PFKEYV2_LIFETIME_HARD);
- }
+ /* If this is a reserved SA */
+ if (sa2->tdb_flags & TDBF_INVALID) {
+ struct tdb *newsa;
+ struct ipsecinit ii;
+ int alg;
+
+ /* Create new TDB */
+ freeme = tdb_alloc();
+ bzero(&ii, sizeof(struct ipsecinit));
+
+ newsa = (struct tdb *) freeme;
+ newsa->tdb_satype = smsg->sadb_msg_satype;
+
+ if ((rval = pfkeyv2_get_proto_alg(newsa->tdb_satype,
+ &newsa->tdb_sproto, &alg)))
+ goto splxret;
+
+ /* Initialize SA */
+ import_sa(newsa, headers[SADB_EXT_SA], &ii);
+ import_address((struct sockaddr *) &newsa->tdb_src,
+ headers[SADB_EXT_ADDRESS_SRC]);
+ import_address((struct sockaddr *) &newsa->tdb_dst,
+ headers[SADB_EXT_ADDRESS_DST]);
+ import_address((struct sockaddr *) &newsa->tdb_proxy,
+ headers[SADB_EXT_ADDRESS_PROXY]);
+ import_lifetime(newsa,
+ headers[SADB_EXT_LIFETIME_CURRENT],
+ PFKEYV2_LIFETIME_CURRENT);
+ import_lifetime(newsa, headers[SADB_EXT_LIFETIME_SOFT],
+ PFKEYV2_LIFETIME_SOFT);
+ import_lifetime(newsa, headers[SADB_EXT_LIFETIME_HARD],
+ PFKEYV2_LIFETIME_HARD);
+ import_key(&ii, headers[SADB_EXT_KEY_AUTH],
+ PFKEYV2_AUTHENTICATION_KEY);
+ import_key(&ii, headers[SADB_EXT_KEY_ENCRYPT],
+ PFKEYV2_ENCRYPTION_KEY);
+ import_identity(newsa, headers[SADB_EXT_IDENTITY_SRC],
+ PFKEYV2_IDENTITY_SRC);
+ import_identity(newsa, headers[SADB_EXT_IDENTITY_DST],
+ PFKEYV2_IDENTITY_DST);
+ import_credentials(newsa,
+ headers[SADB_X_EXT_LOCAL_CREDENTIALS],
+ PFKEYV2_CRED_LOCAL);
+ import_credentials(newsa,
+ headers[SADB_X_EXT_REMOTE_CREDENTIALS],
+ PFKEYV2_CRED_REMOTE);
+ import_auth(newsa, headers[SADB_X_EXT_LOCAL_AUTH],
+ PFKEYV2_AUTH_LOCAL);
+ import_auth(newsa, headers[SADB_X_EXT_REMOTE_AUTH],
+ PFKEYV2_AUTH_REMOTE);
+ import_flow(&newsa->tdb_filter, &newsa->tdb_filtermask,
+ headers[SADB_X_EXT_SRC_FLOW],
+ headers[SADB_X_EXT_SRC_MASK],
+ headers[SADB_X_EXT_DST_FLOW],
+ headers[SADB_X_EXT_DST_MASK],
+ headers[SADB_X_EXT_PROTOCOL],
+ headers[SADB_X_EXT_FLOW_TYPE]);
+
+ headers[SADB_EXT_KEY_AUTH] = NULL;
+ headers[SADB_EXT_KEY_ENCRYPT] = NULL;
+ headers[SADB_X_EXT_LOCAL_AUTH] = NULL;
+
+ newsa->tdb_seq = smsg->sadb_msg_seq;
+
+ rval = tdb_init(newsa, alg, &ii);
+ if (rval) {
+ rval = EINVAL;
+ tdb_delete(freeme);
+ freeme = NULL;
+ goto splxret;
+ }
+
+ newsa->tdb_cur_allocations = sa2->tdb_cur_allocations;
+
+ /* Delete old version of the SA, insert new one */
+ tdb_delete(sa2);
+ puttdb((struct tdb *) freeme);
+ sa2 = freeme = NULL;
+ } else {
+ /*
+ * The SA is already initialized, so we're only allowed to
+ * change lifetimes and some other information; we're
+ * not allowed to change keys, addresses or identities.
+ */
+ if (headers[SADB_EXT_ADDRESS_PROXY] ||
+ headers[SADB_EXT_KEY_AUTH] ||
+ headers[SADB_EXT_KEY_ENCRYPT] ||
+ headers[SADB_EXT_IDENTITY_SRC] ||
+ headers[SADB_EXT_IDENTITY_DST] ||
+ headers[SADB_EXT_SENSITIVITY]) {
+ rval = EINVAL;
+ goto splxret;
+ }
+
+ import_sa(sa2, headers[SADB_EXT_SA], NULL);
+ import_lifetime(sa2,
+ headers[SADB_EXT_LIFETIME_CURRENT],
+ PFKEYV2_LIFETIME_CURRENT);
+ import_lifetime(sa2, headers[SADB_EXT_LIFETIME_SOFT],
+ PFKEYV2_LIFETIME_SOFT);
+ import_lifetime(sa2, headers[SADB_EXT_LIFETIME_HARD],
+ PFKEYV2_LIFETIME_HARD);
+ }
- splx(s);
- break;
+ splx(s);
+ break;
case SADB_ADD:
- ssa = (struct sadb_sa *) headers[SADB_EXT_SA];
- sunionp = (union sockaddr_union *) (headers[SADB_EXT_ADDRESS_DST] +
- sizeof(struct sadb_address));
-
- /* Either all or none of the flow must be included */
- if ((headers[SADB_X_EXT_SRC_FLOW] ||
- headers[SADB_X_EXT_PROTOCOL] ||
- headers[SADB_X_EXT_FLOW_TYPE] ||
- headers[SADB_X_EXT_DST_FLOW] ||
- headers[SADB_X_EXT_SRC_MASK] ||
- headers[SADB_X_EXT_DST_MASK]) &&
- !(headers[SADB_X_EXT_SRC_FLOW] &&
- headers[SADB_X_EXT_PROTOCOL] &&
- headers[SADB_X_EXT_FLOW_TYPE] &&
- headers[SADB_X_EXT_DST_FLOW] &&
- headers[SADB_X_EXT_SRC_MASK] &&
- headers[SADB_X_EXT_DST_MASK]))
- {
- rval = EINVAL;
- goto ret;
- }
-
- s = spltdb();
+ ssa = (struct sadb_sa *) headers[SADB_EXT_SA];
+ sunionp = (union sockaddr_union *) (headers[SADB_EXT_ADDRESS_DST] +
+ sizeof(struct sadb_address));
+
+ /* Either all or none of the flow must be included */
+ if ((headers[SADB_X_EXT_SRC_FLOW] ||
+ headers[SADB_X_EXT_PROTOCOL] ||
+ headers[SADB_X_EXT_FLOW_TYPE] ||
+ headers[SADB_X_EXT_DST_FLOW] ||
+ headers[SADB_X_EXT_SRC_MASK] ||
+ headers[SADB_X_EXT_DST_MASK]) &&
+ !(headers[SADB_X_EXT_SRC_FLOW] &&
+ headers[SADB_X_EXT_PROTOCOL] &&
+ headers[SADB_X_EXT_FLOW_TYPE] &&
+ headers[SADB_X_EXT_DST_FLOW] &&
+ headers[SADB_X_EXT_SRC_MASK] &&
+ headers[SADB_X_EXT_DST_MASK])) {
+ rval = EINVAL;
+ goto ret;
+ }
- sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_X_GETSPROTO(smsg->sadb_msg_satype));
+ s = spltdb();
- /* We can't add an existing SA! */
- if (sa2 != NULL)
- {
- rval = EEXIST;
- goto splxret;
- }
+ sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
+ SADB_X_GETSPROTO(smsg->sadb_msg_satype));
- /* We can only add "mature" SAs */
- if (ssa->sadb_sa_state != SADB_SASTATE_MATURE)
- {
- rval = EINVAL;
- goto splxret;
- }
-
- /* Allocate and initialize new TDB */
- freeme = tdb_alloc();
-
- {
- struct tdb *newsa = (struct tdb *) freeme;
- struct ipsecinit ii;
- int alg;
-
- bzero(&ii, sizeof(struct ipsecinit));
-
- newsa->tdb_satype = smsg->sadb_msg_satype;
- if ((rval = pfkeyv2_get_proto_alg(newsa->tdb_satype,
- &newsa->tdb_sproto, &alg)))
- goto splxret;
-
- import_sa(newsa, headers[SADB_EXT_SA], &ii);
- import_address((struct sockaddr *) &newsa->tdb_src,
- headers[SADB_EXT_ADDRESS_SRC]);
- import_address((struct sockaddr *) &newsa->tdb_dst,
- headers[SADB_EXT_ADDRESS_DST]);
- import_address((struct sockaddr *) &newsa->tdb_proxy,
- headers[SADB_EXT_ADDRESS_PROXY]);
-
- import_lifetime(newsa, headers[SADB_EXT_LIFETIME_CURRENT],
- PFKEYV2_LIFETIME_CURRENT);
- import_lifetime(newsa, headers[SADB_EXT_LIFETIME_SOFT],
- PFKEYV2_LIFETIME_SOFT);
- import_lifetime(newsa, headers[SADB_EXT_LIFETIME_HARD],
- PFKEYV2_LIFETIME_HARD);
-
- import_key(&ii, headers[SADB_EXT_KEY_AUTH],
- PFKEYV2_AUTHENTICATION_KEY);
- import_key(&ii, headers[SADB_EXT_KEY_ENCRYPT],
- PFKEYV2_ENCRYPTION_KEY);
-
- import_identity(newsa, headers[SADB_EXT_IDENTITY_SRC],
- PFKEYV2_IDENTITY_SRC);
- import_identity(newsa, headers[SADB_EXT_IDENTITY_DST],
- PFKEYV2_IDENTITY_DST);
-
- import_credentials(newsa,
- headers[SADB_X_EXT_LOCAL_CREDENTIALS],
- PFKEYV2_CRED_LOCAL);
- import_credentials(newsa,
- headers[SADB_X_EXT_REMOTE_CREDENTIALS],
- PFKEYV2_CRED_REMOTE);
- import_auth(newsa, headers[SADB_X_EXT_LOCAL_AUTH],
- PFKEYV2_AUTH_LOCAL);
- import_auth(newsa, headers[SADB_X_EXT_REMOTE_AUTH],
- PFKEYV2_AUTH_REMOTE);
- import_flow(&newsa->tdb_filter, &newsa->tdb_filtermask,
- headers[SADB_X_EXT_SRC_FLOW], headers[SADB_X_EXT_SRC_MASK],
- headers[SADB_X_EXT_DST_FLOW], headers[SADB_X_EXT_DST_MASK],
- headers[SADB_X_EXT_PROTOCOL],
- headers[SADB_X_EXT_FLOW_TYPE]);
+ /* We can't add an existing SA! */
+ if (sa2 != NULL) {
+ rval = EEXIST;
+ goto splxret;
+ }
- headers[SADB_EXT_KEY_AUTH] = NULL;
- headers[SADB_EXT_KEY_ENCRYPT] = NULL;
- headers[SADB_X_EXT_LOCAL_AUTH] = NULL;
+ /* We can only add "mature" SAs */
+ if (ssa->sadb_sa_state != SADB_SASTATE_MATURE) {
+ rval = EINVAL;
+ goto splxret;
+ }
- newsa->tdb_seq = smsg->sadb_msg_seq;
+ /* Allocate and initialize new TDB */
+ freeme = tdb_alloc();
- rval = tdb_init(newsa, alg, &ii);
- if (rval)
{
- rval = EINVAL;
- tdb_delete(freeme);
- freeme = NULL;
- goto splxret;
+ struct tdb *newsa = (struct tdb *) freeme;
+ struct ipsecinit ii;
+ int alg;
+
+ bzero(&ii, sizeof(struct ipsecinit));
+
+ newsa->tdb_satype = smsg->sadb_msg_satype;
+ if ((rval = pfkeyv2_get_proto_alg(newsa->tdb_satype,
+ &newsa->tdb_sproto, &alg)))
+ goto splxret;
+
+ import_sa(newsa, headers[SADB_EXT_SA], &ii);
+ import_address((struct sockaddr *) &newsa->tdb_src,
+ headers[SADB_EXT_ADDRESS_SRC]);
+ import_address((struct sockaddr *) &newsa->tdb_dst,
+ headers[SADB_EXT_ADDRESS_DST]);
+ import_address((struct sockaddr *) &newsa->tdb_proxy,
+ headers[SADB_EXT_ADDRESS_PROXY]);
+
+ import_lifetime(newsa,
+ headers[SADB_EXT_LIFETIME_CURRENT],
+ PFKEYV2_LIFETIME_CURRENT);
+ import_lifetime(newsa, headers[SADB_EXT_LIFETIME_SOFT],
+ PFKEYV2_LIFETIME_SOFT);
+ import_lifetime(newsa, headers[SADB_EXT_LIFETIME_HARD],
+ PFKEYV2_LIFETIME_HARD);
+
+ import_key(&ii, headers[SADB_EXT_KEY_AUTH],
+ PFKEYV2_AUTHENTICATION_KEY);
+ import_key(&ii, headers[SADB_EXT_KEY_ENCRYPT],
+ PFKEYV2_ENCRYPTION_KEY);
+
+ import_identity(newsa, headers[SADB_EXT_IDENTITY_SRC],
+ PFKEYV2_IDENTITY_SRC);
+ import_identity(newsa, headers[SADB_EXT_IDENTITY_DST],
+ PFKEYV2_IDENTITY_DST);
+
+ import_credentials(newsa,
+ headers[SADB_X_EXT_LOCAL_CREDENTIALS],
+ PFKEYV2_CRED_LOCAL);
+ import_credentials(newsa,
+ headers[SADB_X_EXT_REMOTE_CREDENTIALS],
+ PFKEYV2_CRED_REMOTE);
+ import_auth(newsa, headers[SADB_X_EXT_LOCAL_AUTH],
+ PFKEYV2_AUTH_LOCAL);
+ import_auth(newsa, headers[SADB_X_EXT_REMOTE_AUTH],
+ PFKEYV2_AUTH_REMOTE);
+ import_flow(&newsa->tdb_filter, &newsa->tdb_filtermask,
+ headers[SADB_X_EXT_SRC_FLOW],
+ headers[SADB_X_EXT_SRC_MASK],
+ headers[SADB_X_EXT_DST_FLOW],
+ headers[SADB_X_EXT_DST_MASK],
+ headers[SADB_X_EXT_PROTOCOL],
+ headers[SADB_X_EXT_FLOW_TYPE]);
+
+ headers[SADB_EXT_KEY_AUTH] = NULL;
+ headers[SADB_EXT_KEY_ENCRYPT] = NULL;
+ headers[SADB_X_EXT_LOCAL_AUTH] = NULL;
+
+ newsa->tdb_seq = smsg->sadb_msg_seq;
+
+ rval = tdb_init(newsa, alg, &ii);
+ if (rval) {
+ rval = EINVAL;
+ tdb_delete(freeme);
+ freeme = NULL;
+ goto splxret;
+ }
}
- }
- /* Add TDB in table */
- puttdb((struct tdb *) freeme);
+ /* Add TDB in table */
+ puttdb((struct tdb *) freeme);
- splx(s);
+ splx(s);
- freeme = NULL;
- break;
+ freeme = NULL;
+ break;
case SADB_DELETE:
- ssa = (struct sadb_sa *) headers[SADB_EXT_SA];
- sunionp = (union sockaddr_union *) (headers[SADB_EXT_ADDRESS_DST] +
- sizeof(struct sadb_address));
- s = spltdb();
-
- sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_X_GETSPROTO(smsg->sadb_msg_satype));
- if (sa2 == NULL)
- {
- rval = ESRCH;
- goto splxret;
- }
+ ssa = (struct sadb_sa *) headers[SADB_EXT_SA];
+ sunionp = (union sockaddr_union *) (headers[SADB_EXT_ADDRESS_DST] +
+ sizeof(struct sadb_address));
+ s = spltdb();
+
+ sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
+ SADB_X_GETSPROTO(smsg->sadb_msg_satype));
+ if (sa2 == NULL) {
+ rval = ESRCH;
+ goto splxret;
+ }
- tdb_delete(sa2);
+ tdb_delete(sa2);
- splx(s);
+ splx(s);
- sa2 = NULL;
- break;
+ sa2 = NULL;
+ break;
case SADB_X_ASKPOLICY:
- /* Get the relevant policy */
- ipa = ipsec_get_acquire(((struct sadb_x_policy *) headers[SADB_X_EXT_POLICY])->sadb_x_policy_seq);
- if (ipa == NULL)
- {
- rval = ESRCH;
- goto ret;
- }
+ /* Get the relevant policy */
+ ipa = ipsec_get_acquire(((struct sadb_x_policy *) headers[SADB_X_EXT_POLICY])->sadb_x_policy_seq);
+ if (ipa == NULL) {
+ rval = ESRCH;
+ goto ret;
+ }
- rval = pfkeyv2_policy(ipa, headers, &freeme);
- if (rval)
- mode = PFKEYV2_SENDMESSAGE_UNICAST;
+ rval = pfkeyv2_policy(ipa, headers, &freeme);
+ if (rval)
+ mode = PFKEYV2_SENDMESSAGE_UNICAST;
- break;
+ break;
case SADB_GET:
- ssa = (struct sadb_sa *) headers[SADB_EXT_SA];
- sunionp = (union sockaddr_union *) (headers[SADB_EXT_ADDRESS_DST] +
- sizeof(struct sadb_address));
- s = spltdb();
-
- sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_X_GETSPROTO(smsg->sadb_msg_satype));
- if (sa2 == NULL)
- {
- rval = ESRCH;
- goto splxret;
- }
+ ssa = (struct sadb_sa *) headers[SADB_EXT_SA];
+ sunionp = (union sockaddr_union *) (headers[SADB_EXT_ADDRESS_DST] +
+ sizeof(struct sadb_address));
+ s = spltdb();
+
+ sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
+ SADB_X_GETSPROTO(smsg->sadb_msg_satype));
+ if (sa2 == NULL) {
+ rval = ESRCH;
+ goto splxret;
+ }
- rval = pfkeyv2_get(sa2, headers, &freeme);
- if (rval)
- mode = PFKEYV2_SENDMESSAGE_UNICAST;
+ rval = pfkeyv2_get(sa2, headers, &freeme);
+ if (rval)
+ mode = PFKEYV2_SENDMESSAGE_UNICAST;
- splx(s);
+ splx(s);
- break;
+ break;
case SADB_REGISTER:
- pfkeyv2_socket->flags |= PFKEYV2_SOCKETFLAGS_REGISTERED;
- nregistered++;
+ pfkeyv2_socket->flags |= PFKEYV2_SOCKETFLAGS_REGISTERED;
+ nregistered++;
- i = sizeof(struct sadb_supported) + sizeof(ealgs);
+ i = sizeof(struct sadb_supported) + sizeof(ealgs);
- if (!(freeme = malloc(i, M_PFKEY, M_DONTWAIT)))
- {
- rval = ENOMEM;
- goto ret;
- }
+ if (!(freeme = malloc(i, M_PFKEY, M_DONTWAIT))) {
+ rval = ENOMEM;
+ goto ret;
+ }
- bzero(freeme, i);
+ bzero(freeme, i);
- ssup = (struct sadb_supported *) freeme;
- ssup->sadb_supported_len = i / sizeof(uint64_t);
+ ssup = (struct sadb_supported *) freeme;
+ ssup->sadb_supported_len = i / sizeof(uint64_t);
- {
- void *p = freeme + sizeof(struct sadb_supported);
+ {
+ void *p = freeme + sizeof(struct sadb_supported);
- bcopy(&ealgs[0], p, sizeof(ealgs));
- }
+ bcopy(&ealgs[0], p, sizeof(ealgs));
+ }
- headers[SADB_EXT_SUPPORTED_ENCRYPT] = freeme;
+ headers[SADB_EXT_SUPPORTED_ENCRYPT] = freeme;
- i = sizeof(struct sadb_supported) + sizeof(aalgs);
+ i = sizeof(struct sadb_supported) + sizeof(aalgs);
- if (!(freeme = malloc(i, M_PFKEY, M_DONTWAIT)))
- {
- rval = ENOMEM;
- goto ret;
- }
+ if (!(freeme = malloc(i, M_PFKEY, M_DONTWAIT))) {
+ rval = ENOMEM;
+ goto ret;
+ }
- /* Keep track what this socket has registered for */
- pfkeyv2_socket->registration |= (1 << ((struct sadb_msg *)message)->sadb_msg_satype);
+ /* Keep track what this socket has registered for */
+ pfkeyv2_socket->registration |= (1 << ((struct sadb_msg *)message)->sadb_msg_satype);
- bzero(freeme, i);
+ bzero(freeme, i);
- ssup = (struct sadb_supported *) freeme;
- ssup->sadb_supported_len = i / sizeof(uint64_t);
+ ssup = (struct sadb_supported *) freeme;
+ ssup->sadb_supported_len = i / sizeof(uint64_t);
- {
- void *p = freeme + sizeof(struct sadb_supported);
+ {
+ void *p = freeme + sizeof(struct sadb_supported);
- bcopy(&aalgs[0], p, sizeof(aalgs));
- }
+ bcopy(&aalgs[0], p, sizeof(aalgs));
+ }
- headers[SADB_EXT_SUPPORTED_AUTH] = freeme;
+ headers[SADB_EXT_SUPPORTED_AUTH] = freeme;
- i = sizeof(struct sadb_supported) + sizeof(calgs);
+ i = sizeof(struct sadb_supported) + sizeof(calgs);
- if (!(freeme = malloc(i, M_PFKEY, M_DONTWAIT)))
- {
- rval = ENOMEM;
- goto ret;
- }
+ if (!(freeme = malloc(i, M_PFKEY, M_DONTWAIT))) {
+ rval = ENOMEM;
+ goto ret;
+ }
- bzero(freeme, i);
+ bzero(freeme, i);
- ssup = (struct sadb_supported *) freeme;
- ssup->sadb_supported_len = i / sizeof(uint64_t);
+ ssup = (struct sadb_supported *) freeme;
+ ssup->sadb_supported_len = i / sizeof(uint64_t);
- {
- void *p = freeme + sizeof(struct sadb_supported);
+ {
+ void *p = freeme + sizeof(struct sadb_supported);
- bcopy(&calgs[0], p, sizeof(calgs));
- }
+ bcopy(&calgs[0], p, sizeof(calgs));
+ }
- headers[SADB_X_EXT_SUPPORTED_COMP] = freeme;
+ headers[SADB_X_EXT_SUPPORTED_COMP] = freeme;
- break;
+ break;
case SADB_ACQUIRE:
case SADB_EXPIRE:
- /* Nothing to handle */
- rval = 0;
- break;
+ /* Nothing to handle */
+ rval = 0;
+ break;
case SADB_FLUSH:
- rval = 0;
+ rval = 0;
- switch(smsg->sadb_msg_satype)
- {
+ switch(smsg->sadb_msg_satype) {
case SADB_SATYPE_UNSPEC:
- s = spltdb();
-
- /*
- * Go through the list of policies, delete those that
- * are not socket-attached.
- */
- for (ipo = TAILQ_FIRST(&ipsec_policy_head);
- ipo != NULL;
- ipo = tmpipo)
- {
- tmpipo = TAILQ_NEXT(ipo, ipo_list);
- if (!(ipo->ipo_flags & IPSP_POLICY_SOCKET))
- ipsec_delete_policy(ipo);
- }
- splx(s);
- /* Fall through */
+ s = spltdb();
+
+ /*
+ * Go through the list of policies, delete those that
+ * are not socket-attached.
+ */
+ for (ipo = TAILQ_FIRST(&ipsec_policy_head);
+ ipo != NULL; ipo = tmpipo) {
+ tmpipo = TAILQ_NEXT(ipo, ipo_list);
+ if (!(ipo->ipo_flags & IPSP_POLICY_SOCKET))
+ ipsec_delete_policy(ipo);
+ }
+ splx(s);
+ /* Fall through */
case SADB_SATYPE_AH:
case SADB_SATYPE_ESP:
case SADB_X_SATYPE_IPIP:
@@ -1344,467 +1288,441 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
#ifdef TCP_SIGNATURE
case SADB_X_SATYPE_TCPSIGNATURE:
#endif /* TCP_SIGNATURE */
- s = spltdb();
+ s = spltdb();
- tdb_walk(pfkeyv2_flush_walker,
- (u_int8_t *) &(smsg->sadb_msg_satype));
+ tdb_walk(pfkeyv2_flush_walker,
+ (u_int8_t *) &(smsg->sadb_msg_satype));
- splx(s);
- break;
+ splx(s);
+ break;
default:
- rval = EINVAL; /* Unknown/unsupported type */
- }
+ rval = EINVAL; /* Unknown/unsupported type */
+ }
- break;
+ break;
case SADB_DUMP:
{
- struct dump_state dump_state;
- dump_state.sadb_msg = (struct sadb_msg *) headers[0];
- dump_state.socket = socket;
+ struct dump_state dump_state;
+ dump_state.sadb_msg = (struct sadb_msg *) headers[0];
+ dump_state.socket = socket;
- if (!(rval = tdb_walk(pfkeyv2_dump_walker, &dump_state)))
- goto realret;
+ if (!(rval = tdb_walk(pfkeyv2_dump_walker, &dump_state)))
+ goto realret;
- if ((rval == ENOMEM) || (rval == ENOBUFS))
- rval = 0;
+ if ((rval == ENOMEM) || (rval == ENOBUFS))
+ rval = 0;
}
-
- break;
+ break;
case SADB_X_GRPSPIS:
{
- struct tdb *tdb1, *tdb2, *tdb3;
- struct sadb_protocol *sa_proto;
+ struct tdb *tdb1, *tdb2, *tdb3;
+ struct sadb_protocol *sa_proto;
- ssa = (struct sadb_sa *) headers[SADB_EXT_SA];
- sunionp = (union sockaddr_union *) (headers[SADB_EXT_ADDRESS_DST] +
- sizeof(struct sadb_address));
+ ssa = (struct sadb_sa *) headers[SADB_EXT_SA];
+ sunionp = (union sockaddr_union *) (headers[SADB_EXT_ADDRESS_DST] +
+ sizeof(struct sadb_address));
- s = spltdb();
+ s = spltdb();
- tdb1 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_X_GETSPROTO(smsg->sadb_msg_satype));
- if (tdb1 == NULL)
- {
- rval = ESRCH;
- goto splxret;
- }
-
- ssa = (struct sadb_sa *) headers[SADB_X_EXT_SA2];
- sunionp = (union sockaddr_union *) (headers[SADB_X_EXT_DST2] +
- sizeof(struct sadb_address));
- sa_proto = ((struct sadb_protocol *) headers[SADB_X_EXT_PROTOCOL]);
-
- tdb2 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_X_GETSPROTO(sa_proto->sadb_protocol_proto));
- if (tdb2 == NULL)
- {
- rval = ESRCH;
- goto splxret;
- }
-
- /* Detect cycles */
- for (tdb3 = tdb2; tdb3; tdb3 = tdb3->tdb_onext)
- if (tdb3 == tdb1)
- {
- rval = ESRCH;
- goto splxret;
- }
-
- /* Maintenance */
- if ((tdb1->tdb_onext) &&
- (tdb1->tdb_onext->tdb_inext == tdb1))
- tdb1->tdb_onext->tdb_inext = NULL;
-
- if ((tdb2->tdb_inext) &&
- (tdb2->tdb_inext->tdb_onext == tdb2))
- tdb2->tdb_inext->tdb_onext = NULL;
-
- /* Link them */
- tdb1->tdb_onext = tdb2;
- tdb2->tdb_inext = tdb1;
-
- splx(s);
+ tdb1 = gettdb(ssa->sadb_sa_spi, sunionp,
+ SADB_X_GETSPROTO(smsg->sadb_msg_satype));
+ if (tdb1 == NULL) {
+ rval = ESRCH;
+ goto splxret;
+ }
+
+ ssa = (struct sadb_sa *) headers[SADB_X_EXT_SA2];
+ sunionp = (union sockaddr_union *) (headers[SADB_X_EXT_DST2] +
+ sizeof(struct sadb_address));
+ sa_proto = ((struct sadb_protocol *) headers[SADB_X_EXT_PROTOCOL]);
+
+ tdb2 = gettdb(ssa->sadb_sa_spi, sunionp,
+ SADB_X_GETSPROTO(sa_proto->sadb_protocol_proto));
+ if (tdb2 == NULL) {
+ rval = ESRCH;
+ goto splxret;
+ }
+
+ /* Detect cycles */
+ for (tdb3 = tdb2; tdb3; tdb3 = tdb3->tdb_onext)
+ if (tdb3 == tdb1) {
+ rval = ESRCH;
+ goto splxret;
+ }
+
+ /* Maintenance */
+ if ((tdb1->tdb_onext) &&
+ (tdb1->tdb_onext->tdb_inext == tdb1))
+ tdb1->tdb_onext->tdb_inext = NULL;
+
+ if ((tdb2->tdb_inext) &&
+ (tdb2->tdb_inext->tdb_onext == tdb2))
+ tdb2->tdb_inext->tdb_onext = NULL;
+
+ /* Link them */
+ tdb1->tdb_onext = tdb2;
+ tdb2->tdb_inext = tdb1;
+
+ splx(s);
}
- break;
+ break;
case SADB_X_DELFLOW:
- delflag = 1; /* fall through */
-
+ delflag = 1;
+ /*FALLTHROUGH*/
case SADB_X_ADDFLOW:
{
- struct sadb_protocol *sab;
- union sockaddr_union *ssrc;
- struct route_enc re;
- int exists = 0;
+ struct sadb_protocol *sab;
+ union sockaddr_union *ssrc;
+ struct route_enc re;
+ int exists = 0;
- sab = (struct sadb_protocol *) headers[SADB_X_EXT_FLOW_TYPE];
+ sab = (struct sadb_protocol *) headers[SADB_X_EXT_FLOW_TYPE];
- if ((sab->sadb_protocol_direction != IPSP_DIRECTION_IN) &&
- (sab->sadb_protocol_direction != IPSP_DIRECTION_OUT))
- {
- rval = EINVAL;
- goto ret;
- }
-
- /* If the security protocol wasn't specified, pretend it was ESP */
- if (smsg->sadb_msg_satype == 0)
- smsg->sadb_msg_satype = SADB_SATYPE_ESP;
-
- if (headers[SADB_EXT_ADDRESS_DST])
- sunionp = (union sockaddr_union *)
- (headers[SADB_EXT_ADDRESS_DST] +
- sizeof(struct sadb_address));
- else
- sunionp = NULL;
-
- if (headers[SADB_EXT_ADDRESS_SRC])
- ssrc = (union sockaddr_union *)
- (headers[SADB_EXT_ADDRESS_SRC] +
- sizeof(struct sadb_address));
- else
- ssrc = NULL;
-
- import_flow(&encapdst, &encapnetmask,
- headers[SADB_X_EXT_SRC_FLOW], headers[SADB_X_EXT_SRC_MASK],
- headers[SADB_X_EXT_DST_FLOW], headers[SADB_X_EXT_DST_MASK],
- headers[SADB_X_EXT_PROTOCOL], headers[SADB_X_EXT_FLOW_TYPE]);
-
- /* Determine whether the exact same SPD entry already exists. */
- bzero(&encapgw, sizeof(struct sockaddr_encap));
- bzero(&re, sizeof(struct route_enc));
- bcopy(&encapdst, &re.re_dst, sizeof(struct sockaddr_encap));
-
- s = spltdb();
-
- rtalloc((struct route *) &re);
- if (re.re_rt != NULL)
- {
- ipo = ((struct sockaddr_encap *) re.re_rt->rt_gateway)->sen_ipsp;
- RTFREE(re.re_rt);
-
- /* Verify that the entry is identical */
- if (bcmp(&ipo->ipo_addr, &encapdst,
- sizeof(struct sockaddr_encap)) ||
- bcmp(&ipo->ipo_mask, &encapnetmask,
- sizeof(struct sockaddr_encap)))
- ipo = NULL; /* Fall through */
+ if ((sab->sadb_protocol_direction != IPSP_DIRECTION_IN) &&
+ (sab->sadb_protocol_direction != IPSP_DIRECTION_OUT)) {
+ rval = EINVAL;
+ goto ret;
+ }
+
+ /* If the security protocol wasn't specified, pretend it was ESP */
+ if (smsg->sadb_msg_satype == 0)
+ smsg->sadb_msg_satype = SADB_SATYPE_ESP;
+
+ if (headers[SADB_EXT_ADDRESS_DST])
+ sunionp = (union sockaddr_union *)
+ (headers[SADB_EXT_ADDRESS_DST] +
+ sizeof(struct sadb_address));
else
- exists = 1;
- }
- else
- ipo = NULL;
+ sunionp = NULL;
- /*
- * If the existing policy is static, only delete or update
- * it if the new one is also static.
- */
- if (exists && (ipo->ipo_flags & IPSP_POLICY_STATIC))
- {
- if (!(sab->sadb_protocol_flags & SADB_X_POLICYFLAGS_POLICY))
- {
- splx(s);
- goto ret;
- }
- }
+ if (headers[SADB_EXT_ADDRESS_SRC])
+ ssrc = (union sockaddr_union *)
+ (headers[SADB_EXT_ADDRESS_SRC] +
+ sizeof(struct sadb_address));
+ else
+ ssrc = NULL;
- /* Delete ? */
- if (delflag)
- {
- if (exists)
- {
- rval = ipsec_delete_policy(ipo);
- splx(s);
- goto ret;
- }
+ import_flow(&encapdst, &encapnetmask,
+ headers[SADB_X_EXT_SRC_FLOW], headers[SADB_X_EXT_SRC_MASK],
+ headers[SADB_X_EXT_DST_FLOW], headers[SADB_X_EXT_DST_MASK],
+ headers[SADB_X_EXT_PROTOCOL], headers[SADB_X_EXT_FLOW_TYPE]);
+
+ /* Determine whether the exact same SPD entry already exists. */
+ bzero(&encapgw, sizeof(struct sockaddr_encap));
+ bzero(&re, sizeof(struct route_enc));
+ bcopy(&encapdst, &re.re_dst, sizeof(struct sockaddr_encap));
+
+ s = spltdb();
+
+ rtalloc((struct route *) &re);
+ if (re.re_rt != NULL) {
+ ipo = ((struct sockaddr_encap *) re.re_rt->rt_gateway)->sen_ipsp;
+ RTFREE(re.re_rt);
+
+ /* Verify that the entry is identical */
+ if (bcmp(&ipo->ipo_addr, &encapdst,
+ sizeof(struct sockaddr_encap)) ||
+ bcmp(&ipo->ipo_mask, &encapnetmask,
+ sizeof(struct sockaddr_encap)))
+ ipo = NULL; /* Fall through */
+ else
+ exists = 1;
+ } else
+ ipo = NULL;
- /* If we were asked to delete something non-existant, error. */
- splx(s);
- rval = ESRCH;
- break;
- }
+ /*
+ * If the existing policy is static, only delete or update
+ * it if the new one is also static.
+ */
+ if (exists && (ipo->ipo_flags & IPSP_POLICY_STATIC)) {
+ if (!(sab->sadb_protocol_flags &
+ SADB_X_POLICYFLAGS_POLICY)) {
+ splx(s);
+ goto ret;
+ }
+ }
- if (!exists)
- {
- if (ipsec_policy_pool_initialized == 0)
- {
- ipsec_policy_pool_initialized = 1;
- pool_init(&ipsec_policy_pool, sizeof(struct ipsec_policy),
- 0, 0, 0, "ipsec policy", NULL);
+ /* Delete ? */
+ if (delflag) {
+ if (exists) {
+ rval = ipsec_delete_policy(ipo);
+ splx(s);
+ goto ret;
+ }
+
+ /* If we were asked to delete something non-existant, error. */
+ splx(s);
+ rval = ESRCH;
+ break;
}
- /* Allocate policy entry */
- ipo = pool_get(&ipsec_policy_pool, 0);
- if (ipo == NULL)
- {
- splx(s);
- rval = ENOMEM;
- goto ret;
+ if (!exists) {
+ if (ipsec_policy_pool_initialized == 0) {
+ ipsec_policy_pool_initialized = 1;
+ pool_init(&ipsec_policy_pool,
+ sizeof(struct ipsec_policy), 0, 0, 0,
+ "ipsec policy", NULL);
+ }
+
+ /* Allocate policy entry */
+ ipo = pool_get(&ipsec_policy_pool, 0);
+ if (ipo == NULL) {
+ splx(s);
+ rval = ENOMEM;
+ goto ret;
+ }
+
+ bzero(ipo, sizeof(struct ipsec_policy));
+ ipo->ipo_ref_count = 1;
+ TAILQ_INIT(&ipo->ipo_acquires);
+
+ /* Finish initialization of SPD entry */
+ encapgw.sen_len = SENT_LEN;
+ encapgw.sen_family = PF_KEY;
+ encapgw.sen_type = SENT_IPSP;
+ encapgw.sen_ipsp = ipo;
+
+ /* Initialize policy entry */
+ bcopy(&encapdst, &ipo->ipo_addr,
+ sizeof(struct sockaddr_encap));
+ bcopy(&encapnetmask, &ipo->ipo_mask,
+ sizeof(struct sockaddr_encap));
}
- bzero(ipo, sizeof(struct ipsec_policy));
- ipo->ipo_ref_count = 1;
- TAILQ_INIT(&ipo->ipo_acquires);
-
- /* Finish initialization of SPD entry */
- encapgw.sen_len = SENT_LEN;
- encapgw.sen_family = PF_KEY;
- encapgw.sen_type = SENT_IPSP;
- encapgw.sen_ipsp = ipo;
-
- /* Initialize policy entry */
- bcopy(&encapdst, &ipo->ipo_addr,
- sizeof(struct sockaddr_encap));
- bcopy(&encapnetmask, &ipo->ipo_mask,
- sizeof(struct sockaddr_encap));
- }
-
- switch (((struct sadb_protocol *) headers[SADB_X_EXT_FLOW_TYPE])->sadb_protocol_proto)
- {
+ switch (((struct sadb_protocol *) headers[SADB_X_EXT_FLOW_TYPE])->sadb_protocol_proto) {
case SADB_X_FLOW_TYPE_USE:
- ipo->ipo_type = IPSP_IPSEC_USE;
- break;
+ ipo->ipo_type = IPSP_IPSEC_USE;
+ break;
case SADB_X_FLOW_TYPE_ACQUIRE:
- ipo->ipo_type = IPSP_IPSEC_ACQUIRE;
- break;
+ ipo->ipo_type = IPSP_IPSEC_ACQUIRE;
+ break;
case SADB_X_FLOW_TYPE_REQUIRE:
- ipo->ipo_type = IPSP_IPSEC_REQUIRE;
- break;
+ ipo->ipo_type = IPSP_IPSEC_REQUIRE;
+ break;
case SADB_X_FLOW_TYPE_DENY:
- ipo->ipo_type = IPSP_DENY;
- break;
+ ipo->ipo_type = IPSP_DENY;
+ break;
case SADB_X_FLOW_TYPE_BYPASS:
- ipo->ipo_type = IPSP_PERMIT;
- break;
+ ipo->ipo_type = IPSP_PERMIT;
+ break;
case SADB_X_FLOW_TYPE_DONTACQ:
- ipo->ipo_type = IPSP_IPSEC_DONTACQ;
- break;
+ ipo->ipo_type = IPSP_IPSEC_DONTACQ;
+ break;
default:
- if (!exists)
- pool_put(&ipsec_policy_pool, ipo);
- else
- ipsec_delete_policy(ipo);
-
- splx(s);
- rval = EINVAL;
- goto ret;
- }
-
- if (sab->sadb_protocol_flags & SADB_X_POLICYFLAGS_POLICY)
- ipo->ipo_flags |= IPSP_POLICY_STATIC;
-
- if (sunionp)
- bcopy(sunionp, &ipo->ipo_dst, sizeof(union sockaddr_union));
- else
- bzero(&ipo->ipo_dst, sizeof(union sockaddr_union));
-
- if (ssrc)
- bcopy(ssrc, &ipo->ipo_src, sizeof(union sockaddr_union));
- else
- bzero(&ipo->ipo_src, sizeof(union sockaddr_union));
-
- ipo->ipo_sproto = SADB_X_GETSPROTO(smsg->sadb_msg_satype);
-
- if (ipo->ipo_srcid)
- {
- ipsp_reffree(ipo->ipo_srcid);
- ipo->ipo_srcid = NULL;
- }
-
- if (ipo->ipo_dstid)
- {
- ipsp_reffree(ipo->ipo_dstid);
- ipo->ipo_dstid = NULL;
- }
-
- if ((sid = headers[SADB_EXT_IDENTITY_SRC]) != NULL)
- {
- int clen = (sid->sadb_ident_len * sizeof(u_int64_t)) -
- sizeof(struct sadb_ident);
-
- MALLOC(ipo->ipo_srcid, struct ipsec_ref *, clen +
- sizeof(struct ipsec_ref), M_CREDENTIALS, M_DONTWAIT);
- if (ipo->ipo_srcid == NULL)
- {
- if (exists)
- ipsec_delete_policy(ipo);
- else
- pool_put(&ipsec_policy_pool, ipo);
- splx(s);
- rval = ENOBUFS;
- goto ret;
+ if (!exists)
+ pool_put(&ipsec_policy_pool, ipo);
+ else
+ ipsec_delete_policy(ipo);
+
+ splx(s);
+ rval = EINVAL;
+ goto ret;
}
- ipo->ipo_srcid->ref_type = sid->sadb_ident_type;
- ipo->ipo_srcid->ref_len = clen;
- ipo->ipo_srcid->ref_count = 1;
- ipo->ipo_srcid->ref_malloctype = M_CREDENTIALS;
- bcopy(sid + 1, ipo->ipo_srcid + 1, ipo->ipo_srcid->ref_len);
- }
-
- if ((sid = headers[SADB_EXT_IDENTITY_DST]) != NULL)
- {
- int clen = (sid->sadb_ident_len * sizeof(u_int64_t)) -
- sizeof(struct sadb_ident);
-
- MALLOC(ipo->ipo_dstid, struct ipsec_ref *, clen +
- sizeof(struct ipsec_ref), M_CREDENTIALS, M_DONTWAIT);
- if (ipo->ipo_dstid == NULL)
- {
- if (exists)
- ipsec_delete_policy(ipo);
- else
- {
- if (ipo->ipo_dstid)
- ipsp_reffree(ipo->ipo_dstid);
- pool_put(&ipsec_policy_pool, ipo);
- }
- splx(s);
- rval = ENOBUFS;
- goto ret;
- }
- ipo->ipo_dstid->ref_type = sid->sadb_ident_type;
- ipo->ipo_dstid->ref_len = clen;
- ipo->ipo_dstid->ref_count = 1;
- ipo->ipo_dstid->ref_malloctype = M_CREDENTIALS;
- bcopy(sid + 1, ipo->ipo_dstid + 1, ipo->ipo_dstid->ref_len);
- }
-
- /* Flow type */
- if (!exists)
- {
- /* Add SPD entry */
- if ((rval = rtrequest(RTM_ADD, (struct sockaddr *) &encapdst,
- (struct sockaddr *) &encapgw,
- (struct sockaddr *) &encapnetmask,
- RTF_UP | RTF_GATEWAY | RTF_STATIC,
- (struct rtentry **) 0)) != 0)
- {
- /* Remove from linked list of policies on TDB */
- if (ipo->ipo_tdb)
- TAILQ_REMOVE(&ipo->ipo_tdb->tdb_policy_head, ipo,
- ipo_tdb_next);
-
- if (ipo->ipo_srcid)
- ipsp_reffree(ipo->ipo_srcid);
- if (ipo->ipo_dstid)
- ipsp_reffree(ipo->ipo_dstid);
- pool_put(&ipsec_policy_pool, ipo);
-
- splx(s);
- goto ret;
- }
+ if (sab->sadb_protocol_flags & SADB_X_POLICYFLAGS_POLICY)
+ ipo->ipo_flags |= IPSP_POLICY_STATIC;
- TAILQ_INSERT_HEAD(&ipsec_policy_head, ipo, ipo_list);
- ipsec_in_use++;
- }
- else
- {
- ipo->ipo_last_searched = ipo->ipo_flags = 0;
- }
+ if (sunionp)
+ bcopy(sunionp, &ipo->ipo_dst,
+ sizeof(union sockaddr_union));
+ else
+ bzero(&ipo->ipo_dst, sizeof(union sockaddr_union));
- splx(s);
- }
- break;
+ if (ssrc)
+ bcopy(ssrc, &ipo->ipo_src,
+ sizeof(union sockaddr_union));
+ else
+ bzero(&ipo->ipo_src, sizeof(union sockaddr_union));
- case SADB_X_PROMISC:
- if (len >= 2 * sizeof(struct sadb_msg))
- {
- struct mbuf *packet;
+ ipo->ipo_sproto = SADB_X_GETSPROTO(smsg->sadb_msg_satype);
- if ((rval = pfdatatopacket(message, len, &packet)) != 0)
- goto ret;
+ if (ipo->ipo_srcid) {
+ ipsp_reffree(ipo->ipo_srcid);
+ ipo->ipo_srcid = NULL;
+ }
- for (so = pfkeyv2_sockets; so; so = so->next)
- if ((so != pfkeyv2_socket) &&
- (!smsg->sadb_msg_seq ||
- (smsg->sadb_msg_seq == pfkeyv2_socket->pid)))
- pfkey_sendup(so->socket, packet, 1);
+ if (ipo->ipo_dstid) {
+ ipsp_reffree(ipo->ipo_dstid);
+ ipo->ipo_dstid = NULL;
+ }
- m_freem(packet);
- }
- else
- {
- if (len != sizeof(struct sadb_msg))
- {
- rval = EINVAL;
- goto ret;
+ if ((sid = headers[SADB_EXT_IDENTITY_SRC]) != NULL) {
+ int clen = (sid->sadb_ident_len * sizeof(u_int64_t)) -
+ sizeof(struct sadb_ident);
+
+ MALLOC(ipo->ipo_srcid, struct ipsec_ref *, clen +
+ sizeof(struct ipsec_ref), M_CREDENTIALS, M_DONTWAIT);
+ if (ipo->ipo_srcid == NULL) {
+ if (exists)
+ ipsec_delete_policy(ipo);
+ else
+ pool_put(&ipsec_policy_pool, ipo);
+ splx(s);
+ rval = ENOBUFS;
+ goto ret;
+ }
+ ipo->ipo_srcid->ref_type = sid->sadb_ident_type;
+ ipo->ipo_srcid->ref_len = clen;
+ ipo->ipo_srcid->ref_count = 1;
+ ipo->ipo_srcid->ref_malloctype = M_CREDENTIALS;
+ bcopy(sid + 1, ipo->ipo_srcid + 1, ipo->ipo_srcid->ref_len);
}
- i = (pfkeyv2_socket->flags &
- PFKEYV2_SOCKETFLAGS_PROMISC) ? 1 : 0;
- j = smsg->sadb_msg_satype ? 1 : 0;
+ if ((sid = headers[SADB_EXT_IDENTITY_DST]) != NULL) {
+ int clen = (sid->sadb_ident_len * sizeof(u_int64_t)) -
+ sizeof(struct sadb_ident);
+
+ MALLOC(ipo->ipo_dstid, struct ipsec_ref *,
+ clen + sizeof(struct ipsec_ref),
+ M_CREDENTIALS, M_DONTWAIT);
+ if (ipo->ipo_dstid == NULL) {
+ if (exists)
+ ipsec_delete_policy(ipo);
+ else {
+ if (ipo->ipo_dstid)
+ ipsp_reffree(ipo->ipo_dstid);
+ pool_put(&ipsec_policy_pool, ipo);
+ }
+
+ splx(s);
+ rval = ENOBUFS;
+ goto ret;
+ }
+ ipo->ipo_dstid->ref_type = sid->sadb_ident_type;
+ ipo->ipo_dstid->ref_len = clen;
+ ipo->ipo_dstid->ref_count = 1;
+ ipo->ipo_dstid->ref_malloctype = M_CREDENTIALS;
+ bcopy(sid + 1, ipo->ipo_dstid + 1,
+ ipo->ipo_dstid->ref_len);
+ }
- if (i ^ j)
- {
- if (j)
- {
- pfkeyv2_socket->flags |= PFKEYV2_SOCKETFLAGS_PROMISC;
- npromisc++;
- }
- else
- {
- pfkeyv2_socket->flags &= ~PFKEYV2_SOCKETFLAGS_PROMISC;
- npromisc--;
- }
+ /* Flow type */
+ if (!exists) {
+ /* Add SPD entry */
+ if ((rval = rtrequest(RTM_ADD,
+ (struct sockaddr *) &encapdst,
+ (struct sockaddr *) &encapgw,
+ (struct sockaddr *) &encapnetmask,
+ RTF_UP | RTF_GATEWAY | RTF_STATIC,
+ (struct rtentry **) 0)) != 0) {
+ /* Remove from linked list of policies on TDB */
+ if (ipo->ipo_tdb)
+ TAILQ_REMOVE(&ipo->ipo_tdb->tdb_policy_head,
+ ipo, ipo_tdb_next);
+
+ if (ipo->ipo_srcid)
+ ipsp_reffree(ipo->ipo_srcid);
+ if (ipo->ipo_dstid)
+ ipsp_reffree(ipo->ipo_dstid);
+ pool_put(&ipsec_policy_pool, ipo);
+
+ splx(s);
+ goto ret;
+ }
+
+ TAILQ_INSERT_HEAD(&ipsec_policy_head, ipo, ipo_list);
+ ipsec_in_use++;
+ } else {
+ ipo->ipo_last_searched = ipo->ipo_flags = 0;
}
- }
- break;
+ splx(s);
+ }
+ break;
+
+ case SADB_X_PROMISC:
+ if (len >= 2 * sizeof(struct sadb_msg)) {
+ struct mbuf *packet;
+
+ if ((rval = pfdatatopacket(message, len, &packet)) != 0)
+ goto ret;
+
+ for (so = pfkeyv2_sockets; so; so = so->next)
+ if ((so != pfkeyv2_socket) &&
+ (!smsg->sadb_msg_seq ||
+ (smsg->sadb_msg_seq == pfkeyv2_socket->pid)))
+ pfkey_sendup(so->socket, packet, 1);
+
+ m_freem(packet);
+ } else {
+ if (len != sizeof(struct sadb_msg)) {
+ rval = EINVAL;
+ goto ret;
+ }
+
+ i = (pfkeyv2_socket->flags &
+ PFKEYV2_SOCKETFLAGS_PROMISC) ? 1 : 0;
+ j = smsg->sadb_msg_satype ? 1 : 0;
+
+ if (i ^ j) {
+ if (j) {
+ pfkeyv2_socket->flags |=
+ PFKEYV2_SOCKETFLAGS_PROMISC;
+ npromisc++;
+ }
+ } else {
+ pfkeyv2_socket->flags &=
+ ~PFKEYV2_SOCKETFLAGS_PROMISC;
+ npromisc--;
+ }
+ }
+
+
+ break;
default:
- rval = EINVAL;
- goto ret;
- }
+ rval = EINVAL;
+ goto ret;
+ }
ret:
- if (rval)
- {
- if ((rval == EINVAL) || (rval == ENOMEM) || (rval == ENOBUFS))
- goto realret;
+ if (rval) {
+ if ((rval == EINVAL) || (rval == ENOMEM) || (rval == ENOBUFS))
+ goto realret;
- for (i = 1; i <= SADB_EXT_MAX; i++)
- headers[i] = NULL;
+ for (i = 1; i <= SADB_EXT_MAX; i++)
+ headers[i] = NULL;
- smsg->sadb_msg_errno = abs(rval);
- }
- else
- {
- uint32_t seen = 0;
+ smsg->sadb_msg_errno = abs(rval);
+ } else {
+ uint32_t seen = 0;
- for (i = 1; i <= SADB_EXT_MAX; i++)
- if (headers[i])
- seen |= (1 << i);
+ for (i = 1; i <= SADB_EXT_MAX; i++)
+ if (headers[i])
+ seen |= (1 << i);
- if ((seen & sadb_exts_allowed_out[smsg->sadb_msg_type]) != seen)
- goto realret;
+ if ((seen & sadb_exts_allowed_out[smsg->sadb_msg_type])
+ != seen)
+ goto realret;
- if ((seen & sadb_exts_required_out[smsg->sadb_msg_type]) !=
- sadb_exts_required_out[smsg->sadb_msg_type])
- goto realret;
- }
+ if ((seen & sadb_exts_required_out[smsg->sadb_msg_type]) !=
+ sadb_exts_required_out[smsg->sadb_msg_type])
+ goto realret;
+ }
- rval = pfkeyv2_sendmessage(headers, mode, socket, 0, 0);
+ rval = pfkeyv2_sendmessage(headers, mode, socket, 0, 0);
realret:
- if (freeme)
- free(freeme, M_PFKEY);
+ if (freeme)
+ free(freeme, M_PFKEY);
- free(message, M_PFKEY);
+ free(message, M_PFKEY);
- return rval;
+ return (rval);
splxret:
- splx(s);
- goto ret;
+ splx(s);
+ goto ret;
}
/*
@@ -1815,289 +1733,253 @@ pfkeyv2_acquire(struct ipsec_policy *ipo, union sockaddr_union *gw,
union sockaddr_union *laddr, u_int32_t *seq,
struct sockaddr_encap *ddst)
{
- void *p, *headers[SADB_EXT_MAX + 1], *buffer = NULL;
- struct sadb_ident *srcid, *dstid;
- struct sadb_x_cred *lcred, *lauth;
- struct sadb_comb *sadb_comb;
- struct sadb_address *sadd;
- struct sadb_prop *sa_prop;
- struct sadb_msg *smsg;
- int rval = 0;
- int i, j;
-
- *seq = pfkeyv2_seq++;
-
- if (!nregistered)
- {
- rval = ESRCH;
- goto ret;
- }
+ void *p, *headers[SADB_EXT_MAX + 1], *buffer = NULL;
+ struct sadb_ident *srcid, *dstid;
+ struct sadb_x_cred *lcred, *lauth;
+ struct sadb_comb *sadb_comb;
+ struct sadb_address *sadd;
+ struct sadb_prop *sa_prop;
+ struct sadb_msg *smsg;
+ int rval = 0;
+ int i, j;
+
+ *seq = pfkeyv2_seq++;
+
+ if (!nregistered) {
+ rval = ESRCH;
+ goto ret;
+ }
- /* How large a buffer do we need... XXX we only do one proposal for now */
- i = sizeof(struct sadb_msg) +
- (laddr == NULL ? 0 : sizeof(struct sadb_address) +
- PADUP(SA_LEN(&ipo->ipo_src.sa))) +
- sizeof(struct sadb_address) + PADUP(SA_LEN(&gw->sa)) +
- sizeof(struct sadb_prop) + 1 * sizeof(struct sadb_comb);
+ /* How large a buffer do we need... XXX we only do one proposal for now */
+ i = sizeof(struct sadb_msg) +
+ (laddr == NULL ? 0 : sizeof(struct sadb_address) +
+ PADUP(SA_LEN(&ipo->ipo_src.sa))) +
+ sizeof(struct sadb_address) + PADUP(SA_LEN(&gw->sa)) +
+ sizeof(struct sadb_prop) + 1 * sizeof(struct sadb_comb);
- if (ipo->ipo_srcid)
- i += sizeof(struct sadb_ident) + PADUP(ipo->ipo_srcid->ref_len);
+ if (ipo->ipo_srcid)
+ i += sizeof(struct sadb_ident) + PADUP(ipo->ipo_srcid->ref_len);
- if (ipo->ipo_dstid)
- i += sizeof(struct sadb_ident) + PADUP(ipo->ipo_dstid->ref_len);
+ if (ipo->ipo_dstid)
+ i += sizeof(struct sadb_ident) + PADUP(ipo->ipo_dstid->ref_len);
- /* Allocate */
- if (!(p = malloc(i, M_PFKEY, M_DONTWAIT)))
- {
- rval = ENOMEM;
- goto ret;
- }
+ /* Allocate */
+ if (!(p = malloc(i, M_PFKEY, M_DONTWAIT))) {
+ rval = ENOMEM;
+ goto ret;
+ }
- bzero(headers, sizeof(headers));
-
- buffer = p;
- bzero(p, i);
-
- headers[0] = p;
- p += sizeof(struct sadb_msg);
-
- smsg = (struct sadb_msg *) headers[0];
- smsg->sadb_msg_version = PF_KEY_V2;
- smsg->sadb_msg_type = SADB_ACQUIRE;
- smsg->sadb_msg_len = i / sizeof(uint64_t);
- smsg->sadb_msg_seq = *seq;
-
- if (ipo->ipo_sproto == IPPROTO_ESP)
- smsg->sadb_msg_satype = SADB_SATYPE_ESP;
- else if (ipo->ipo_sproto == IPPROTO_AH)
- smsg->sadb_msg_satype = SADB_SATYPE_AH;
- else if (ipo->ipo_sproto == IPPROTO_IPCOMP)
- smsg->sadb_msg_satype = SADB_X_SATYPE_IPCOMP;
-
- if (laddr)
- {
- headers[SADB_EXT_ADDRESS_SRC] = p;
- p += sizeof(struct sadb_address) + PADUP(SA_LEN(&laddr->sa));
- sadd = (struct sadb_address *) headers[SADB_EXT_ADDRESS_SRC];
- sadd->sadb_address_len = (sizeof(struct sadb_address) +
- SA_LEN(&laddr->sa) +
- sizeof(uint64_t) - 1) / sizeof(uint64_t);
- bcopy(laddr,
- headers[SADB_EXT_ADDRESS_SRC] + sizeof(struct sadb_address),
- SA_LEN(&laddr->sa));
- }
+ bzero(headers, sizeof(headers));
- headers[SADB_EXT_ADDRESS_DST] = p;
- p += sizeof(struct sadb_address) + PADUP(SA_LEN(&gw->sa));
- sadd = (struct sadb_address *) headers[SADB_EXT_ADDRESS_DST];
- sadd->sadb_address_len = (sizeof(struct sadb_address) +
- SA_LEN(&gw->sa) +
- sizeof(uint64_t) - 1) / sizeof(uint64_t);
- bcopy(gw, headers[SADB_EXT_ADDRESS_DST] + sizeof(struct sadb_address),
- SA_LEN(&gw->sa));
-
- if (ipo->ipo_srcid)
- {
- headers[SADB_EXT_IDENTITY_SRC] = p;
- p += sizeof(struct sadb_ident) + PADUP(ipo->ipo_srcid->ref_len);
- srcid = (struct sadb_ident *) headers[SADB_EXT_IDENTITY_SRC];
- srcid->sadb_ident_len = (sizeof(struct sadb_ident) +
- PADUP(ipo->ipo_srcid->ref_len)) /
- sizeof(u_int64_t);
- srcid->sadb_ident_type = ipo->ipo_srcid->ref_type;
- bcopy(ipo->ipo_srcid + 1, headers[SADB_EXT_IDENTITY_SRC] +
- sizeof(struct sadb_ident), ipo->ipo_srcid->ref_len);
- }
+ buffer = p;
+ bzero(p, i);
- if (ipo->ipo_dstid)
- {
- headers[SADB_EXT_IDENTITY_DST] = p;
- p += sizeof(struct sadb_ident) + PADUP(ipo->ipo_dstid->ref_len);
- dstid = (struct sadb_ident *) headers[SADB_EXT_IDENTITY_DST];
- dstid->sadb_ident_len = (sizeof(struct sadb_ident) +
- PADUP(ipo->ipo_dstid->ref_len)) /
- sizeof(u_int64_t);
- dstid->sadb_ident_type = ipo->ipo_dstid->ref_type;
- bcopy(ipo->ipo_dstid + 1, headers[SADB_EXT_IDENTITY_DST] +
- sizeof(struct sadb_ident), ipo->ipo_dstid->ref_len);
- }
+ headers[0] = p;
+ p += sizeof(struct sadb_msg);
- if (ipo->ipo_local_cred)
- {
- headers[SADB_X_EXT_LOCAL_CREDENTIALS] = p;
- p += sizeof(struct sadb_x_cred) + PADUP(ipo->ipo_local_cred->ref_len);
- lcred = (struct sadb_x_cred *) headers[SADB_X_EXT_LOCAL_CREDENTIALS];
- lcred->sadb_x_cred_len = (sizeof(struct sadb_x_cred) +
- PADUP(ipo->ipo_local_cred->ref_len)) /
- sizeof(u_int64_t);
- switch (ipo->ipo_local_cred->ref_type)
- {
- case IPSP_CRED_KEYNOTE:
- lcred->sadb_x_cred_type = SADB_X_CREDTYPE_KEYNOTE;
- break;
- case IPSP_CRED_X509:
- lcred->sadb_x_cred_type = SADB_X_CREDTYPE_X509;
- break;
+ smsg = (struct sadb_msg *) headers[0];
+ smsg->sadb_msg_version = PF_KEY_V2;
+ smsg->sadb_msg_type = SADB_ACQUIRE;
+ smsg->sadb_msg_len = i / sizeof(uint64_t);
+ smsg->sadb_msg_seq = *seq;
+
+ if (ipo->ipo_sproto == IPPROTO_ESP)
+ smsg->sadb_msg_satype = SADB_SATYPE_ESP;
+ else if (ipo->ipo_sproto == IPPROTO_AH)
+ smsg->sadb_msg_satype = SADB_SATYPE_AH;
+ else if (ipo->ipo_sproto == IPPROTO_IPCOMP)
+ smsg->sadb_msg_satype = SADB_X_SATYPE_IPCOMP;
+
+ if (laddr) {
+ headers[SADB_EXT_ADDRESS_SRC] = p;
+ p += sizeof(struct sadb_address) + PADUP(SA_LEN(&laddr->sa));
+ sadd = (struct sadb_address *) headers[SADB_EXT_ADDRESS_SRC];
+ sadd->sadb_address_len = (sizeof(struct sadb_address) +
+ SA_LEN(&laddr->sa) + sizeof(uint64_t) - 1) /
+ sizeof(uint64_t);
+ bcopy(laddr, headers[SADB_EXT_ADDRESS_SRC] +
+ sizeof(struct sadb_address), SA_LEN(&laddr->sa));
}
- bcopy(ipo->ipo_local_cred + 1, headers[SADB_X_EXT_LOCAL_CREDENTIALS] +
- sizeof(struct sadb_x_cred), ipo->ipo_local_cred->ref_len);
- }
- if (ipo->ipo_local_auth)
- {
- headers[SADB_X_EXT_LOCAL_AUTH] = p;
- p += sizeof(struct sadb_x_cred) + PADUP(ipo->ipo_local_auth->ref_len);
- lauth = (struct sadb_x_cred *) headers[SADB_X_EXT_LOCAL_AUTH];
- lauth->sadb_x_cred_len = (sizeof(struct sadb_x_cred) +
- PADUP(ipo->ipo_local_auth->ref_len)) /
- sizeof(u_int64_t);
- switch (ipo->ipo_local_auth->ref_type)
- {
- case IPSP_AUTH_PASSPHRASE:
- lauth->sadb_x_cred_type = SADB_X_AUTHTYPE_PASSPHRASE;
- break;
- case IPSP_AUTH_RSA:
- lauth->sadb_x_cred_type = SADB_X_AUTHTYPE_RSA;
- break;
+ headers[SADB_EXT_ADDRESS_DST] = p;
+ p += sizeof(struct sadb_address) + PADUP(SA_LEN(&gw->sa));
+ sadd = (struct sadb_address *) headers[SADB_EXT_ADDRESS_DST];
+ sadd->sadb_address_len = (sizeof(struct sadb_address) +
+ SA_LEN(&gw->sa) + sizeof(uint64_t) - 1) / sizeof(uint64_t);
+ bcopy(gw, headers[SADB_EXT_ADDRESS_DST] + sizeof(struct sadb_address),
+ SA_LEN(&gw->sa));
+
+ if (ipo->ipo_srcid) {
+ headers[SADB_EXT_IDENTITY_SRC] = p;
+ p += sizeof(struct sadb_ident) + PADUP(ipo->ipo_srcid->ref_len);
+ srcid = (struct sadb_ident *) headers[SADB_EXT_IDENTITY_SRC];
+ srcid->sadb_ident_len = (sizeof(struct sadb_ident) +
+ PADUP(ipo->ipo_srcid->ref_len)) / sizeof(u_int64_t);
+ srcid->sadb_ident_type = ipo->ipo_srcid->ref_type;
+ bcopy(ipo->ipo_srcid + 1, headers[SADB_EXT_IDENTITY_SRC] +
+ sizeof(struct sadb_ident), ipo->ipo_srcid->ref_len);
}
- bcopy(ipo->ipo_local_auth + 1, headers[SADB_X_EXT_LOCAL_AUTH] +
- sizeof(struct sadb_x_cred), ipo->ipo_local_auth->ref_len);
- }
+ if (ipo->ipo_dstid) {
+ headers[SADB_EXT_IDENTITY_DST] = p;
+ p += sizeof(struct sadb_ident) + PADUP(ipo->ipo_dstid->ref_len);
+ dstid = (struct sadb_ident *) headers[SADB_EXT_IDENTITY_DST];
+ dstid->sadb_ident_len = (sizeof(struct sadb_ident) +
+ PADUP(ipo->ipo_dstid->ref_len)) / sizeof(u_int64_t);
+ dstid->sadb_ident_type = ipo->ipo_dstid->ref_type;
+ bcopy(ipo->ipo_dstid + 1, headers[SADB_EXT_IDENTITY_DST] +
+ sizeof(struct sadb_ident), ipo->ipo_dstid->ref_len);
+ }
- headers[SADB_EXT_PROPOSAL] = p;
- p += sizeof(struct sadb_prop);
- sa_prop = (struct sadb_prop *) headers[SADB_EXT_PROPOSAL];
- sa_prop->sadb_prop_num = 1; /* XXX One proposal only */
- sa_prop->sadb_prop_len = (sizeof(struct sadb_prop) +
- (sizeof(struct sadb_comb) *
- sa_prop->sadb_prop_num)) / sizeof(uint64_t);
+ if (ipo->ipo_local_cred) {
+ headers[SADB_X_EXT_LOCAL_CREDENTIALS] = p;
+ p += sizeof(struct sadb_x_cred) + PADUP(ipo->ipo_local_cred->ref_len);
+ lcred = (struct sadb_x_cred *) headers[SADB_X_EXT_LOCAL_CREDENTIALS];
+ lcred->sadb_x_cred_len = (sizeof(struct sadb_x_cred) +
+ PADUP(ipo->ipo_local_cred->ref_len)) / sizeof(u_int64_t);
+ switch (ipo->ipo_local_cred->ref_type) {
+ case IPSP_CRED_KEYNOTE:
+ lcred->sadb_x_cred_type = SADB_X_CREDTYPE_KEYNOTE;
+ break;
+ case IPSP_CRED_X509:
+ lcred->sadb_x_cred_type = SADB_X_CREDTYPE_X509;
+ break;
+ }
+ bcopy(ipo->ipo_local_cred + 1, headers[SADB_X_EXT_LOCAL_CREDENTIALS] +
+ sizeof(struct sadb_x_cred), ipo->ipo_local_cred->ref_len);
+ }
- sadb_comb = p;
+ if (ipo->ipo_local_auth) {
+ headers[SADB_X_EXT_LOCAL_AUTH] = p;
+ p += sizeof(struct sadb_x_cred) + PADUP(ipo->ipo_local_auth->ref_len);
+ lauth = (struct sadb_x_cred *) headers[SADB_X_EXT_LOCAL_AUTH];
+ lauth->sadb_x_cred_len = (sizeof(struct sadb_x_cred) +
+ PADUP(ipo->ipo_local_auth->ref_len)) / sizeof(u_int64_t);
+ switch (ipo->ipo_local_auth->ref_type) {
+ case IPSP_AUTH_PASSPHRASE:
+ lauth->sadb_x_cred_type = SADB_X_AUTHTYPE_PASSPHRASE;
+ break;
+ case IPSP_AUTH_RSA:
+ lauth->sadb_x_cred_type = SADB_X_AUTHTYPE_RSA;
+ break;
+ }
- /* XXX Should actually ask the crypto layer what's supported */
- for (j = 0; j < sa_prop->sadb_prop_num; j++)
- {
- sadb_comb->sadb_comb_flags = 0;
+ bcopy(ipo->ipo_local_auth + 1, headers[SADB_X_EXT_LOCAL_AUTH] +
+ sizeof(struct sadb_x_cred), ipo->ipo_local_auth->ref_len);
+ }
- if (ipsec_require_pfs)
- sadb_comb->sadb_comb_flags |= SADB_SAFLAGS_PFS;
+ headers[SADB_EXT_PROPOSAL] = p;
+ p += sizeof(struct sadb_prop);
+ sa_prop = (struct sadb_prop *) headers[SADB_EXT_PROPOSAL];
+ sa_prop->sadb_prop_num = 1; /* XXX One proposal only */
+ sa_prop->sadb_prop_len = (sizeof(struct sadb_prop) +
+ (sizeof(struct sadb_comb) * sa_prop->sadb_prop_num)) /
+ sizeof(uint64_t);
+
+ sadb_comb = p;
+
+ /* XXX Should actually ask the crypto layer what's supported */
+ for (j = 0; j < sa_prop->sadb_prop_num; j++) {
+ sadb_comb->sadb_comb_flags = 0;
+
+ if (ipsec_require_pfs)
+ sadb_comb->sadb_comb_flags |= SADB_SAFLAGS_PFS;
+
+ /* Set the encryption algorithm */
+ if (ipo->ipo_sproto == IPPROTO_ESP) {
+ if (!strncasecmp(ipsec_def_enc, "aes",
+ sizeof("aes"))) {
+ sadb_comb->sadb_comb_encrypt = SADB_X_EALG_AES;
+ sadb_comb->sadb_comb_encrypt_minbits = 64;
+ sadb_comb->sadb_comb_encrypt_maxbits = 256;
+ } else if (!strncasecmp(ipsec_def_enc, "3des",
+ sizeof("3des"))) {
+ sadb_comb->sadb_comb_encrypt = SADB_EALG_3DESCBC;
+ sadb_comb->sadb_comb_encrypt_minbits = 192;
+ sadb_comb->sadb_comb_encrypt_maxbits = 192;
+ } else if (!strncasecmp(ipsec_def_enc, "des",
+ sizeof("des"))) {
+ sadb_comb->sadb_comb_encrypt = SADB_EALG_DESCBC;
+ sadb_comb->sadb_comb_encrypt_minbits = 64;
+ sadb_comb->sadb_comb_encrypt_maxbits = 64;
+ } else if (!strncasecmp(ipsec_def_enc, "blowfish",
+ sizeof("blowfish"))) {
+ sadb_comb->sadb_comb_encrypt = SADB_X_EALG_BLF;
+ sadb_comb->sadb_comb_encrypt_minbits = 40;
+ sadb_comb->sadb_comb_encrypt_maxbits = BLF_MAXKEYLEN * 8;
+ } else if (!strncasecmp(ipsec_def_enc, "skipjack",
+ sizeof("skipjack"))) {
+ sadb_comb->sadb_comb_encrypt = SADB_X_EALG_SKIPJACK;
+ sadb_comb->sadb_comb_encrypt_minbits = 80;
+ sadb_comb->sadb_comb_encrypt_maxbits = 80;
+ } else if (!strncasecmp(ipsec_def_enc, "cast128",
+ sizeof("cast128"))) {
+ sadb_comb->sadb_comb_encrypt = SADB_X_EALG_CAST;
+ sadb_comb->sadb_comb_encrypt_minbits = 40;
+ sadb_comb->sadb_comb_encrypt_maxbits = 128;
+ }
+ } else if (ipo->ipo_sproto == IPPROTO_IPCOMP) {
+ /* Set the compression algorithm */
+ if (!strncasecmp(ipsec_def_comp, "deflate",
+ sizeof("deflate"))) {
+ sadb_comb->sadb_comb_encrypt = SADB_X_CALG_DEFLATE;
+ sadb_comb->sadb_comb_encrypt_minbits = 0;
+ sadb_comb->sadb_comb_encrypt_maxbits = 0;
+ } else if (!strncasecmp(ipsec_def_comp, "lzs",
+ sizeof("lzs"))) {
+ sadb_comb->sadb_comb_encrypt = SADB_X_CALG_LZS;
+ sadb_comb->sadb_comb_encrypt_minbits = 0;
+ sadb_comb->sadb_comb_encrypt_maxbits = 0;
+ }
+ }
- /* Set the encryption algorithm */
- if (ipo->ipo_sproto == IPPROTO_ESP)
- {
- if (!strncasecmp(ipsec_def_enc, "aes", sizeof("aes")))
- {
- sadb_comb->sadb_comb_encrypt = SADB_X_EALG_AES;
- sadb_comb->sadb_comb_encrypt_minbits = 64;
- sadb_comb->sadb_comb_encrypt_maxbits = 256;
- }
- else
- if (!strncasecmp(ipsec_def_enc, "3des", sizeof("3des")))
- {
- sadb_comb->sadb_comb_encrypt = SADB_EALG_3DESCBC;
- sadb_comb->sadb_comb_encrypt_minbits = 192;
- sadb_comb->sadb_comb_encrypt_maxbits = 192;
- }
- else
- if (!strncasecmp(ipsec_def_enc, "des", sizeof("des")))
- {
- sadb_comb->sadb_comb_encrypt = SADB_EALG_DESCBC;
- sadb_comb->sadb_comb_encrypt_minbits = 64;
- sadb_comb->sadb_comb_encrypt_maxbits = 64;
+ /* Set the authentication algorithm */
+ if (!strncasecmp(ipsec_def_auth, "hmac-sha1",
+ sizeof("hmac-sha1"))) {
+ sadb_comb->sadb_comb_auth = SADB_AALG_SHA1HMAC;
+ sadb_comb->sadb_comb_auth_minbits = 160;
+ sadb_comb->sadb_comb_auth_maxbits = 160;
+ } else if (!strncasecmp(ipsec_def_auth, "hmac-ripemd160",
+ sizeof("hmac_ripemd160"))) {
+ sadb_comb->sadb_comb_auth = SADB_AALG_RIPEMD160HMAC;
+ sadb_comb->sadb_comb_auth_minbits = 160;
+ sadb_comb->sadb_comb_auth_maxbits = 160;
+ } else if (!strncasecmp(ipsec_def_auth, "hmac-md5",
+ sizeof("hmac-md5"))) {
+ sadb_comb->sadb_comb_auth = SADB_AALG_MD5HMAC;
+ sadb_comb->sadb_comb_auth_minbits = 128;
+ sadb_comb->sadb_comb_auth_maxbits = 128;
}
- else
- if (!strncasecmp(ipsec_def_enc, "blowfish",
- sizeof("blowfish")))
- {
- sadb_comb->sadb_comb_encrypt = SADB_X_EALG_BLF;
- sadb_comb->sadb_comb_encrypt_minbits = 40;
- sadb_comb->sadb_comb_encrypt_maxbits = BLF_MAXKEYLEN * 8;
- }
- else
- if (!strncasecmp(ipsec_def_enc, "skipjack",
- sizeof("skipjack")))
- {
- sadb_comb->sadb_comb_encrypt = SADB_X_EALG_SKIPJACK;
- sadb_comb->sadb_comb_encrypt_minbits = 80;
- sadb_comb->sadb_comb_encrypt_maxbits = 80;
- }
- else
- if (!strncasecmp(ipsec_def_enc, "cast128",
- sizeof("cast128")))
- {
- sadb_comb->sadb_comb_encrypt = SADB_X_EALG_CAST;
- sadb_comb->sadb_comb_encrypt_minbits = 40;
- sadb_comb->sadb_comb_encrypt_maxbits = 128;
- }
- }
- else if (ipo->ipo_sproto == IPPROTO_IPCOMP)
- {
- /* Set the compression algorithm */
- if (!strncasecmp(ipsec_def_comp, "deflate", sizeof("deflate"))) {
- sadb_comb->sadb_comb_encrypt = SADB_X_CALG_DEFLATE;
- sadb_comb->sadb_comb_encrypt_minbits = 0;
- sadb_comb->sadb_comb_encrypt_maxbits = 0;
- } else if (!strncasecmp(ipsec_def_comp, "lzs", sizeof("lzs"))) {
- sadb_comb->sadb_comb_encrypt = SADB_X_CALG_LZS;
- sadb_comb->sadb_comb_encrypt_minbits = 0;
- sadb_comb->sadb_comb_encrypt_maxbits = 0;
- }
- }
-
- /* Set the authentication algorithm */
- if (!strncasecmp(ipsec_def_auth, "hmac-sha1", sizeof("hmac-sha1")))
- {
- sadb_comb->sadb_comb_auth = SADB_AALG_SHA1HMAC;
- sadb_comb->sadb_comb_auth_minbits = 160;
- sadb_comb->sadb_comb_auth_maxbits = 160;
+ sadb_comb->sadb_comb_soft_allocations = ipsec_soft_allocations;
+ sadb_comb->sadb_comb_hard_allocations = ipsec_exp_allocations;
+
+ sadb_comb->sadb_comb_soft_bytes = ipsec_soft_bytes;
+ sadb_comb->sadb_comb_hard_bytes = ipsec_exp_bytes;
+
+ sadb_comb->sadb_comb_soft_addtime = ipsec_soft_timeout;
+ sadb_comb->sadb_comb_hard_addtime = ipsec_exp_timeout;
+
+ sadb_comb->sadb_comb_soft_usetime = ipsec_soft_first_use;
+ sadb_comb->sadb_comb_hard_usetime = ipsec_exp_first_use;
+ sadb_comb++;
}
- else
- if (!strncasecmp(ipsec_def_auth, "hmac-ripemd160",
- sizeof("hmac_ripemd160")))
- {
- sadb_comb->sadb_comb_auth = SADB_AALG_RIPEMD160HMAC;
- sadb_comb->sadb_comb_auth_minbits = 160;
- sadb_comb->sadb_comb_auth_maxbits = 160;
- }
- else
- if (!strncasecmp(ipsec_def_auth, "hmac-md5", sizeof("hmac-md5")))
- {
- sadb_comb->sadb_comb_auth = SADB_AALG_MD5HMAC;
- sadb_comb->sadb_comb_auth_minbits = 128;
- sadb_comb->sadb_comb_auth_maxbits = 128;
- }
-
- sadb_comb->sadb_comb_soft_allocations = ipsec_soft_allocations;
- sadb_comb->sadb_comb_hard_allocations = ipsec_exp_allocations;
-
- sadb_comb->sadb_comb_soft_bytes = ipsec_soft_bytes;
- sadb_comb->sadb_comb_hard_bytes = ipsec_exp_bytes;
-
- sadb_comb->sadb_comb_soft_addtime = ipsec_soft_timeout;
- sadb_comb->sadb_comb_hard_addtime = ipsec_exp_timeout;
-
- sadb_comb->sadb_comb_soft_usetime = ipsec_soft_first_use;
- sadb_comb->sadb_comb_hard_usetime = ipsec_exp_first_use;
- sadb_comb++;
- }
/* Send the ACQUIRE message to all compliant registered listeners. */
- if ((rval = pfkeyv2_sendmessage(headers, PFKEYV2_SENDMESSAGE_REGISTERED,
- NULL, smsg->sadb_msg_satype, 0)) != 0)
- goto ret;
+ if ((rval = pfkeyv2_sendmessage(headers,
+ PFKEYV2_SENDMESSAGE_REGISTERED, NULL, smsg->sadb_msg_satype, 0))
+ != 0)
+ goto ret;
- rval = 0;
+ rval = 0;
ret:
- if (buffer != NULL)
- {
- bzero(buffer, i);
- free(buffer, M_PFKEY);
- }
+ if (buffer != NULL) {
+ bzero(buffer, i);
+ free(buffer, M_PFKEY);
+ }
- return rval;
+ return (rval);
}
/*
@@ -2107,13 +1989,12 @@ ret:
int
pfkeyv2_expire(struct tdb *sa, u_int16_t type)
{
- void *p, *headers[SADB_EXT_MAX+1], *buffer = NULL;
- struct sadb_msg *smsg;
- int rval = 0;
- int i;
+ void *p, *headers[SADB_EXT_MAX+1], *buffer = NULL;
+ struct sadb_msg *smsg;
+ int rval = 0;
+ int i;
- switch (sa->tdb_sproto)
- {
+ switch (sa->tdb_sproto) {
case IPPROTO_AH:
case IPPROTO_ESP:
case IPPROTO_IPIP:
@@ -2121,90 +2002,88 @@ pfkeyv2_expire(struct tdb *sa, u_int16_t type)
#ifdef TCP_SIGNATURE
case IPPROTO_TCP:
#endif /* TCP_SIGNATURE */
- break;
+ break;
default:
- rval = EOPNOTSUPP;
- goto ret;
- }
+ rval = EOPNOTSUPP;
+ goto ret;
+ }
- i = sizeof(struct sadb_msg) + sizeof(struct sadb_sa) +
- 2 * sizeof(struct sadb_lifetime) +
- sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_src.sa)) +
- sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_dst.sa));
+ i = sizeof(struct sadb_msg) + sizeof(struct sadb_sa) +
+ 2 * sizeof(struct sadb_lifetime) +
+ sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_src.sa)) +
+ sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_dst.sa));
- if (!(p = malloc(i, M_PFKEY, M_DONTWAIT)))
- {
- rval = ENOMEM;
- goto ret;
- }
+ if (!(p = malloc(i, M_PFKEY, M_DONTWAIT))) {
+ rval = ENOMEM;
+ goto ret;
+ }
- bzero(headers, sizeof(headers));
+ bzero(headers, sizeof(headers));
- buffer = p;
- bzero(p, i);
+ buffer = p;
+ bzero(p, i);
- headers[0] = p;
- p += sizeof(struct sadb_msg);
+ headers[0] = p;
+ p += sizeof(struct sadb_msg);
- smsg = (struct sadb_msg *) headers[0];
- smsg->sadb_msg_version = PF_KEY_V2;
- smsg->sadb_msg_type = SADB_EXPIRE;
- smsg->sadb_msg_satype = sa->tdb_satype;
- smsg->sadb_msg_len = i / sizeof(uint64_t);
- smsg->sadb_msg_seq = pfkeyv2_seq++;
+ smsg = (struct sadb_msg *) headers[0];
+ smsg->sadb_msg_version = PF_KEY_V2;
+ smsg->sadb_msg_type = SADB_EXPIRE;
+ smsg->sadb_msg_satype = sa->tdb_satype;
+ smsg->sadb_msg_len = i / sizeof(uint64_t);
+ smsg->sadb_msg_seq = pfkeyv2_seq++;
- headers[SADB_EXT_SA] = p;
- export_sa(&p, sa);
+ headers[SADB_EXT_SA] = p;
+ export_sa(&p, sa);
- headers[SADB_EXT_LIFETIME_CURRENT] = p;
- export_lifetime(&p, sa, 2);
+ headers[SADB_EXT_LIFETIME_CURRENT] = p;
+ export_lifetime(&p, sa, 2);
- headers[type] = p;
- type = (SADB_EXT_LIFETIME_SOFT ? PFKEYV2_LIFETIME_SOFT :
- PFKEYV2_LIFETIME_HARD);
- export_lifetime(&p, sa, type);
+ headers[type] = p;
+ type = (SADB_EXT_LIFETIME_SOFT ? PFKEYV2_LIFETIME_SOFT :
+ PFKEYV2_LIFETIME_HARD);
+ export_lifetime(&p, sa, type);
- headers[SADB_EXT_ADDRESS_SRC] = p;
- export_address(&p, (struct sockaddr *) &sa->tdb_src);
+ headers[SADB_EXT_ADDRESS_SRC] = p;
+ export_address(&p, (struct sockaddr *) &sa->tdb_src);
- headers[SADB_EXT_ADDRESS_DST] = p;
- export_address(&p, (struct sockaddr *) &sa->tdb_dst);
+ headers[SADB_EXT_ADDRESS_DST] = p;
+ export_address(&p, (struct sockaddr *) &sa->tdb_dst);
- if ((rval = pfkeyv2_sendmessage(headers, PFKEYV2_SENDMESSAGE_BROADCAST,
- NULL, 0, 0)) != 0)
- goto ret;
+ if ((rval = pfkeyv2_sendmessage(headers, PFKEYV2_SENDMESSAGE_BROADCAST,
+ NULL, 0, 0)) != 0)
+ goto ret;
- rval = 0;
+ rval = 0;
-ret:
- if (buffer != NULL)
- {
- bzero(buffer, i);
- free(buffer, M_PFKEY);
- }
+ ret:
+ if (buffer != NULL) {
+ bzero(buffer, i);
+ free(buffer, M_PFKEY);
+ }
- return rval;
+ return (rval);
}
int
pfkeyv2_init(void)
{
- int rval;
+ int rval;
- bzero(&pfkeyv2_version, sizeof(struct pfkey_version));
- pfkeyv2_version.protocol = PFKEYV2_PROTOCOL;
- pfkeyv2_version.create = &pfkeyv2_create;
- pfkeyv2_version.release = &pfkeyv2_release;
- pfkeyv2_version.send = &pfkeyv2_send;
+ bzero(&pfkeyv2_version, sizeof(struct pfkey_version));
+ pfkeyv2_version.protocol = PFKEYV2_PROTOCOL;
+ pfkeyv2_version.create = &pfkeyv2_create;
+ pfkeyv2_version.release = &pfkeyv2_release;
+ pfkeyv2_version.send = &pfkeyv2_send;
- rval = pfkey_register(&pfkeyv2_version);
- return rval;
+ rval = pfkey_register(&pfkeyv2_version);
+ return (rval);
}
int
pfkeyv2_cleanup(void)
{
- pfkey_unregister(&pfkeyv2_version);
- return 0;
+ pfkey_unregister(&pfkeyv2_version);
+ return (0);
}
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index ae531ff9ead..7deaefa3915 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.h,v 1.44 2003/02/15 19:21:05 jason Exp $ */
+/* $OpenBSD: pfkeyv2.h,v 1.45 2003/02/16 19:54:20 jason Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) January 1998
*
@@ -67,142 +67,142 @@
#define SADB_MAX 15
struct sadb_msg {
- uint8_t sadb_msg_version;
- uint8_t sadb_msg_type;
- uint8_t sadb_msg_errno;
- uint8_t sadb_msg_satype;
- uint16_t sadb_msg_len;
- uint16_t sadb_msg_reserved;
- uint32_t sadb_msg_seq;
- uint32_t sadb_msg_pid;
+ uint8_t sadb_msg_version;
+ uint8_t sadb_msg_type;
+ uint8_t sadb_msg_errno;
+ uint8_t sadb_msg_satype;
+ uint16_t sadb_msg_len;
+ uint16_t sadb_msg_reserved;
+ uint32_t sadb_msg_seq;
+ uint32_t sadb_msg_pid;
};
struct sadb_ext {
- uint16_t sadb_ext_len;
- uint16_t sadb_ext_type;
+ uint16_t sadb_ext_len;
+ uint16_t sadb_ext_type;
};
struct sadb_sa {
- uint16_t sadb_sa_len;
- uint16_t sadb_sa_exttype;
- uint32_t sadb_sa_spi;
- uint8_t sadb_sa_replay;
- uint8_t sadb_sa_state;
- uint8_t sadb_sa_auth;
- uint8_t sadb_sa_encrypt;
- uint32_t sadb_sa_flags;
+ uint16_t sadb_sa_len;
+ uint16_t sadb_sa_exttype;
+ uint32_t sadb_sa_spi;
+ uint8_t sadb_sa_replay;
+ uint8_t sadb_sa_state;
+ uint8_t sadb_sa_auth;
+ uint8_t sadb_sa_encrypt;
+ uint32_t sadb_sa_flags;
};
struct sadb_lifetime {
- uint16_t sadb_lifetime_len;
- uint16_t sadb_lifetime_exttype;
- uint32_t sadb_lifetime_allocations;
- uint64_t sadb_lifetime_bytes;
- uint64_t sadb_lifetime_addtime;
- uint64_t sadb_lifetime_usetime;
+ uint16_t sadb_lifetime_len;
+ uint16_t sadb_lifetime_exttype;
+ uint32_t sadb_lifetime_allocations;
+ uint64_t sadb_lifetime_bytes;
+ uint64_t sadb_lifetime_addtime;
+ uint64_t sadb_lifetime_usetime;
};
struct sadb_address {
- uint16_t sadb_address_len;
- uint16_t sadb_address_exttype;
- uint32_t sadb_address_reserved;
+ uint16_t sadb_address_len;
+ uint16_t sadb_address_exttype;
+ uint32_t sadb_address_reserved;
};
struct sadb_key {
- uint16_t sadb_key_len;
- uint16_t sadb_key_exttype;
- uint16_t sadb_key_bits;
- uint16_t sadb_key_reserved;
+ uint16_t sadb_key_len;
+ uint16_t sadb_key_exttype;
+ uint16_t sadb_key_bits;
+ uint16_t sadb_key_reserved;
};
struct sadb_ident {
- uint16_t sadb_ident_len;
- uint16_t sadb_ident_exttype;
- uint16_t sadb_ident_type;
- uint16_t sadb_ident_reserved;
- uint64_t sadb_ident_id;
+ uint16_t sadb_ident_len;
+ uint16_t sadb_ident_exttype;
+ uint16_t sadb_ident_type;
+ uint16_t sadb_ident_reserved;
+ uint64_t sadb_ident_id;
};
struct sadb_sens {
- uint16_t sadb_sens_len;
- uint16_t sadb_sens_exttype;
- uint32_t sadb_sens_dpd;
- uint8_t sadb_sens_sens_level;
- uint8_t sadb_sens_sens_len;
- uint8_t sadb_sens_integ_level;
- uint8_t sadb_sens_integ_len;
- uint32_t sadb_sens_reserved;
+ uint16_t sadb_sens_len;
+ uint16_t sadb_sens_exttype;
+ uint32_t sadb_sens_dpd;
+ uint8_t sadb_sens_sens_level;
+ uint8_t sadb_sens_sens_len;
+ uint8_t sadb_sens_integ_level;
+ uint8_t sadb_sens_integ_len;
+ uint32_t sadb_sens_reserved;
};
struct sadb_prop {
- uint16_t sadb_prop_len;
- uint16_t sadb_prop_exttype;
- uint8_t sadb_prop_num;
- uint8_t sadb_prop_replay;
- uint16_t sadb_prop_reserved;
+ uint16_t sadb_prop_len;
+ uint16_t sadb_prop_exttype;
+ uint8_t sadb_prop_num;
+ uint8_t sadb_prop_replay;
+ uint16_t sadb_prop_reserved;
};
struct sadb_comb {
- uint8_t sadb_comb_auth;
- uint8_t sadb_comb_encrypt;
- uint16_t sadb_comb_flags;
- uint16_t sadb_comb_auth_minbits;
- uint16_t sadb_comb_auth_maxbits;
- uint16_t sadb_comb_encrypt_minbits;
- uint16_t sadb_comb_encrypt_maxbits;
- uint32_t sadb_comb_reserved;
- uint32_t sadb_comb_soft_allocations;
- uint32_t sadb_comb_hard_allocations;
- uint64_t sadb_comb_soft_bytes;
- uint64_t sadb_comb_hard_bytes;
- uint64_t sadb_comb_soft_addtime;
- uint64_t sadb_comb_hard_addtime;
- uint64_t sadb_comb_soft_usetime;
- uint64_t sadb_comb_hard_usetime;
+ uint8_t sadb_comb_auth;
+ uint8_t sadb_comb_encrypt;
+ uint16_t sadb_comb_flags;
+ uint16_t sadb_comb_auth_minbits;
+ uint16_t sadb_comb_auth_maxbits;
+ uint16_t sadb_comb_encrypt_minbits;
+ uint16_t sadb_comb_encrypt_maxbits;
+ uint32_t sadb_comb_reserved;
+ uint32_t sadb_comb_soft_allocations;
+ uint32_t sadb_comb_hard_allocations;
+ uint64_t sadb_comb_soft_bytes;
+ uint64_t sadb_comb_hard_bytes;
+ uint64_t sadb_comb_soft_addtime;
+ uint64_t sadb_comb_hard_addtime;
+ uint64_t sadb_comb_soft_usetime;
+ uint64_t sadb_comb_hard_usetime;
};
struct sadb_supported {
- uint16_t sadb_supported_len;
- uint16_t sadb_supported_exttype;
- uint32_t sadb_supported_reserved;
+ uint16_t sadb_supported_len;
+ uint16_t sadb_supported_exttype;
+ uint32_t sadb_supported_reserved;
};
struct sadb_alg {
- uint8_t sadb_alg_id;
- uint8_t sadb_alg_ivlen;
- uint16_t sadb_alg_minbits;
- uint16_t sadb_alg_maxbits;
- uint16_t sadb_alg_reserved;
+ uint8_t sadb_alg_id;
+ uint8_t sadb_alg_ivlen;
+ uint16_t sadb_alg_minbits;
+ uint16_t sadb_alg_maxbits;
+ uint16_t sadb_alg_reserved;
};
struct sadb_spirange {
- uint16_t sadb_spirange_len;
- uint16_t sadb_spirange_exttype;
- uint32_t sadb_spirange_min;
- uint32_t sadb_spirange_max;
- uint32_t sadb_spirange_reserved;
+ uint16_t sadb_spirange_len;
+ uint16_t sadb_spirange_exttype;
+ uint32_t sadb_spirange_min;
+ uint32_t sadb_spirange_max;
+ uint32_t sadb_spirange_reserved;
};
struct sadb_protocol {
- uint16_t sadb_protocol_len;
- uint16_t sadb_protocol_exttype;
- uint8_t sadb_protocol_proto;
- uint8_t sadb_protocol_direction;
- uint8_t sadb_protocol_flags;
- uint8_t sadb_protocol_reserved2;
+ uint16_t sadb_protocol_len;
+ uint16_t sadb_protocol_exttype;
+ uint8_t sadb_protocol_proto;
+ uint8_t sadb_protocol_direction;
+ uint8_t sadb_protocol_flags;
+ uint8_t sadb_protocol_reserved2;
};
struct sadb_x_policy {
- uint16_t sadb_x_policy_len;
- uint16_t sadb_x_policy_exttype;
- u_int32_t sadb_x_policy_seq;
+ uint16_t sadb_x_policy_len;
+ uint16_t sadb_x_policy_exttype;
+ u_int32_t sadb_x_policy_seq;
};
struct sadb_x_cred {
- uint16_t sadb_x_cred_len;
- uint16_t sadb_x_cred_exttype;
- uint16_t sadb_x_cred_type;
- uint16_t sadb_x_cred_reserved;
+ uint16_t sadb_x_cred_len;
+ uint16_t sadb_x_cred_exttype;
+ uint16_t sadb_x_cred_type;
+ uint16_t sadb_x_cred_reserved;
};
#ifdef _KERNEL
@@ -370,25 +370,25 @@ struct mbuf;
struct pfkey_version
{
- int protocol;
- int (*create)(struct socket *socket);
- int (*release)(struct socket *socket);
- int (*send)(struct socket *socket, void *message, int len);
+ int protocol;
+ int (*create)(struct socket *socket);
+ int (*release)(struct socket *socket);
+ int (*send)(struct socket *socket, void *message, int len);
};
struct pfkeyv2_socket
{
- struct pfkeyv2_socket *next;
- struct socket *socket;
- int flags;
- uint32_t pid;
- uint32_t registration; /* Increase size if SATYPE_MAX > 31 */
+ struct pfkeyv2_socket *next;
+ struct socket *socket;
+ int flags;
+ uint32_t pid;
+ uint32_t registration; /* Increase size if SATYPE_MAX > 31 */
};
struct dump_state
{
- struct sadb_msg *sadb_msg;
- struct socket *socket;
+ struct sadb_msg *sadb_msg;
+ struct socket *socket;
};
int pfkeyv2_init(void);
@@ -396,8 +396,7 @@ int pfkeyv2_cleanup(void);
int pfkeyv2_parsemessage(void *, int, void **);
int pfkeyv2_expire(struct tdb *, u_int16_t);
int pfkeyv2_acquire(struct ipsec_policy *, union sockaddr_union *,
- union sockaddr_union *, u_int32_t *,
- struct sockaddr_encap *);
+ union sockaddr_union *, u_int32_t *, struct sockaddr_encap *);
int pfkey_register(struct pfkey_version *version);
int pfkey_unregister(struct pfkey_version *version);
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index fec9491b97a..c1cc516bc30 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.34 2002/06/07 06:16:39 angelos Exp $ */
+/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.35 2003/02/16 19:54:20 jason Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -124,146 +124,146 @@ extern int encdebug;
uint32_t sadb_exts_allowed_in[SADB_MAX+1] =
{
- /* RESERVED */
- ~0,
- /* GETSPI */
- BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SPIRANGE,
- /* UPDATE */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_FLOW,
- /* ADD */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_FLOW,
- /* DELETE */
- BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
- /* GET */
- BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
- /* ACQUIRE */
- BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL | BITMAP_X_CREDENTIALS,
- /* REGISTER */
- 0,
- /* EXPIRE */
- BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
- /* FLUSH */
- 0,
- /* DUMP */
- 0,
- /* X_PROMISC */
- 0,
- /* X_ADDFLOW */
- BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY_SRC | BITMAP_IDENTITY_DST | BITMAP_X_FLOW,
- /* X_DELFLOW */
- BITMAP_X_FLOW,
- /* X_GRPSPIS */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
- /* X_ASKPOLICY */
- BITMAP_X_POLICY,
+ /* RESERVED */
+ ~0,
+ /* GETSPI */
+ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SPIRANGE,
+ /* UPDATE */
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_FLOW,
+ /* ADD */
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_FLOW,
+ /* DELETE */
+ BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
+ /* GET */
+ BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
+ /* ACQUIRE */
+ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL | BITMAP_X_CREDENTIALS,
+ /* REGISTER */
+ 0,
+ /* EXPIRE */
+ BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
+ /* FLUSH */
+ 0,
+ /* DUMP */
+ 0,
+ /* X_PROMISC */
+ 0,
+ /* X_ADDFLOW */
+ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY_SRC | BITMAP_IDENTITY_DST | BITMAP_X_FLOW,
+ /* X_DELFLOW */
+ BITMAP_X_FLOW,
+ /* X_GRPSPIS */
+ BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
+ /* X_ASKPOLICY */
+ BITMAP_X_POLICY,
};
uint32_t sadb_exts_required_in[SADB_MAX+1] =
{
- /* RESERVED */
- 0,
- /* GETSPI */
- BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SPIRANGE,
- /* UPDATE */
- BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
- /* ADD */
- BITMAP_SA | BITMAP_ADDRESS_DST,
- /* DELETE */
- BITMAP_SA | BITMAP_ADDRESS_DST,
- /* GET */
- BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
- /* ACQUIRE */
- 0,
- /* REGISTER */
- 0,
- /* EXPIRE */
- BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
- /* FLUSH */
- 0,
- /* DUMP */
- 0,
- /* X_PROMISC */
- 0,
- /* X_ADDFLOW */
- BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
- /* X_DELFLOW */
- BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
- /* X_GRPSPIS */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
- /* X_ASKPOLICY */
- BITMAP_X_POLICY,
+ /* RESERVED */
+ 0,
+ /* GETSPI */
+ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SPIRANGE,
+ /* UPDATE */
+ BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
+ /* ADD */
+ BITMAP_SA | BITMAP_ADDRESS_DST,
+ /* DELETE */
+ BITMAP_SA | BITMAP_ADDRESS_DST,
+ /* GET */
+ BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
+ /* ACQUIRE */
+ 0,
+ /* REGISTER */
+ 0,
+ /* EXPIRE */
+ BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
+ /* FLUSH */
+ 0,
+ /* DUMP */
+ 0,
+ /* X_PROMISC */
+ 0,
+ /* X_ADDFLOW */
+ BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
+ /* X_DELFLOW */
+ BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
+ /* X_GRPSPIS */
+ BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
+ /* X_ASKPOLICY */
+ BITMAP_X_POLICY,
};
uint32_t sadb_exts_allowed_out[SADB_MAX+1] =
{
- /* RESERVED */
- ~0,
- /* GETSPI */
- BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
- /* UPDATE */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_FLOW,
- /* ADD */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_FLOW,
- /* DELETE */
- BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
- /* GET */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY,
- /* ACQUIRE */
- BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL | BITMAP_X_CREDENTIALS,
- /* REGISTER */
- BITMAP_SUPPORTED_AUTH | BITMAP_SUPPORTED_ENCRYPT | BITMAP_X_SUPPORTED_COMP,
- /* EXPIRE */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS,
- /* FLUSH */
- 0,
- /* DUMP */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY,
- /* X_PROMISC */
- 0,
- /* X_ADDFLOW */
- BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE | BITMAP_IDENTITY_SRC | BITMAP_IDENTITY_DST,
- /* X_DELFLOW */
- BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
- /* X_GRPSPIS */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
- /* X_ASKPOLICY */
- BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_FLOW_TYPE | BITMAP_X_POLICY,
+ /* RESERVED */
+ ~0,
+ /* GETSPI */
+ BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
+ /* UPDATE */
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_FLOW,
+ /* ADD */
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_FLOW,
+ /* DELETE */
+ BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
+ /* GET */
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY,
+ /* ACQUIRE */
+ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL | BITMAP_X_CREDENTIALS,
+ /* REGISTER */
+ BITMAP_SUPPORTED_AUTH | BITMAP_SUPPORTED_ENCRYPT | BITMAP_X_SUPPORTED_COMP,
+ /* EXPIRE */
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS,
+ /* FLUSH */
+ 0,
+ /* DUMP */
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY,
+ /* X_PROMISC */
+ 0,
+ /* X_ADDFLOW */
+ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE | BITMAP_IDENTITY_SRC | BITMAP_IDENTITY_DST,
+ /* X_DELFLOW */
+ BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
+ /* X_GRPSPIS */
+ BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
+ /* X_ASKPOLICY */
+ BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_FLOW_TYPE | BITMAP_X_POLICY,
};
uint32_t sadb_exts_required_out[SADB_MAX+1] =
{
- /* RESERVED */
- 0,
- /* GETSPI */
- BITMAP_SA | BITMAP_ADDRESS_DST,
- /* UPDATE */
- BITMAP_SA | BITMAP_ADDRESS_DST,
- /* ADD */
- BITMAP_SA | BITMAP_ADDRESS_DST,
- /* DELETE */
- BITMAP_SA | BITMAP_ADDRESS_DST,
- /* GET */
- BITMAP_SA | BITMAP_LIFETIME_CURRENT | BITMAP_ADDRESS_DST,
- /* ACQUIRE */
- 0,
- /* REGISTER */
- BITMAP_SUPPORTED_AUTH | BITMAP_SUPPORTED_ENCRYPT | BITMAP_X_SUPPORTED_COMP,
- /* EXPIRE */
- BITMAP_SA | BITMAP_ADDRESS_DST,
- /* FLUSH */
- 0,
- /* DUMP */
- 0,
- /* X_PROMISC */
- 0,
- /* X_ADDFLOW */
- BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
- /* X_DELFLOW */
- BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
- /* X_GRPSPIS */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
- /* X_REPPOLICY */
- BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_FLOW_TYPE,
+ /* RESERVED */
+ 0,
+ /* GETSPI */
+ BITMAP_SA | BITMAP_ADDRESS_DST,
+ /* UPDATE */
+ BITMAP_SA | BITMAP_ADDRESS_DST,
+ /* ADD */
+ BITMAP_SA | BITMAP_ADDRESS_DST,
+ /* DELETE */
+ BITMAP_SA | BITMAP_ADDRESS_DST,
+ /* GET */
+ BITMAP_SA | BITMAP_LIFETIME_CURRENT | BITMAP_ADDRESS_DST,
+ /* ACQUIRE */
+ 0,
+ /* REGISTER */
+ BITMAP_SUPPORTED_AUTH | BITMAP_SUPPORTED_ENCRYPT | BITMAP_X_SUPPORTED_COMP,
+ /* EXPIRE */
+ BITMAP_SA | BITMAP_ADDRESS_DST,
+ /* FLUSH */
+ 0,
+ /* DUMP */
+ 0,
+ /* X_PROMISC */
+ 0,
+ /* X_ADDFLOW */
+ BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
+ /* X_DELFLOW */
+ BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
+ /* X_GRPSPIS */
+ BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
+ /* X_REPPOLICY */
+ BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_FLOW_TYPE,
};
int pfkeyv2_parsemessage(void *, int, void **);
@@ -282,14 +282,14 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
if (left < sizeof(struct sadb_msg)) {
DPRINTF(("pfkeyv2_parsemessage: message too short\n"));
- return EINVAL;
+ return (EINVAL);
}
headers[0] = p;
if (sadb_msg->sadb_msg_len * sizeof(uint64_t) != left) {
DPRINTF(("pfkeyv2_parsemessage: length not a multiple of 64\n"));
- return EINVAL;
+ return (EINVAL);
}
p += sizeof(struct sadb_msg);
@@ -298,36 +298,36 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
if (sadb_msg->sadb_msg_reserved) {
DPRINTF(("pfkeyv2_parsemessage: message header reserved "
"field set\n"));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_msg->sadb_msg_type > SADB_MAX) {
DPRINTF(("pfkeyv2_parsemessage: message type > %d\n",
SADB_MAX));
- return EINVAL;
+ return (EINVAL);
}
if (!sadb_msg->sadb_msg_type) {
DPRINTF(("pfkeyv2_parsemessage: message type unset\n"));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_msg->sadb_msg_pid != curproc->p_pid) {
DPRINTF(("pfkeyv2_parsemessage: bad PID value\n"));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_msg->sadb_msg_errno) {
if (left) {
DPRINTF(("pfkeyv2_parsemessage: too-large error message\n"));
- return EINVAL;
+ return (EINVAL);
}
- return 0;
+ return (0);
}
if (sadb_msg->sadb_msg_type == SADB_X_PROMISC) {
DPRINTF(("pfkeyv2_parsemessage: message type promiscuous\n"));
- return 0;
+ return (0);
}
allow = sadb_exts_allowed_in[sadb_msg->sadb_msg_type];
@@ -337,39 +337,39 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
if (left < sizeof(struct sadb_ext)) {
DPRINTF(("pfkeyv2_parsemessage: extension header too "
"short\n"));
- return EINVAL;
+ return (EINVAL);
}
i = sadb_ext->sadb_ext_len * sizeof(uint64_t);
if (left < i) {
DPRINTF(("pfkeyv2_parsemessage: extension header "
"exceeds message length\n"));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_ext->sadb_ext_type > SADB_EXT_MAX) {
DPRINTF(("pfkeyv2_parsemessage: unknown extension "
"header %d\n", sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (!sadb_ext->sadb_ext_type) {
DPRINTF(("pfkeyv2_parsemessage: unset extension "
"header\n"));
- return EINVAL;
+ return (EINVAL);
}
if (!(allow & (1 << sadb_ext->sadb_ext_type))) {
DPRINTF(("pfkeyv2_parsemessage: extension header %d "
"not permitted on message type %d\n",
sadb_ext->sadb_ext_type, sadb_msg->sadb_msg_type));
- return EINVAL;
+ return (EINVAL);
}
if (headers[sadb_ext->sadb_ext_type]) {
DPRINTF(("pfkeyv2_parsemessage: duplicate extension "
"header %d\n", sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
seen |= (1 << sadb_ext->sadb_ext_type);
@@ -384,7 +384,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
DPRINTF(("pfkeyv2_parsemessage: bad header "
"length for SA extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_sa->sadb_sa_state > SADB_SASTATE_MAX) {
@@ -392,14 +392,14 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"state %d in SA extension header %d\n",
sadb_sa->sadb_sa_state,
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_sa->sadb_sa_state == SADB_SASTATE_DEAD) {
DPRINTF(("pfkeyv2_parsemessage: cannot set SA "
"state to dead, SA extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_sa->sadb_sa_encrypt > SADB_EALG_MAX) {
@@ -407,7 +407,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"encryption algorithm %d in SA extension "
"header %d\n", sadb_sa->sadb_sa_encrypt,
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_sa->sadb_sa_auth > SADB_AALG_MAX) {
@@ -416,7 +416,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"extension header %d\n",
sadb_sa->sadb_sa_auth,
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_sa->sadb_sa_replay > 32) {
@@ -424,7 +424,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"replay window size %d in SA extension "
"header %d\n", sadb_sa->sadb_sa_replay,
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
}
break;
@@ -434,14 +434,14 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
DPRINTF(("pfkeyv2_parsemessage: bad "
"PROTOCOL/FLOW header length in extension "
"header %d\n", sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
break;
case SADB_X_EXT_POLICY:
if (i != sizeof(struct sadb_x_policy)) {
DPRINTF(("pfkeyv2_parsemessage: bad POLICY "
"header length\n"));
- return EINVAL;
+ return (EINVAL);
}
break;
case SADB_EXT_LIFETIME_CURRENT:
@@ -451,7 +451,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
DPRINTF(("pfkeyv2_parsemessage: bad header "
"length for LIFETIME extension header "
"%d\n", sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
break;
case SADB_EXT_ADDRESS_SRC:
@@ -473,14 +473,14 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
DPRINTF(("pfkeyv2_parsemessage: bad ADDRESS "
"extension header %d length\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_address->sadb_address_reserved) {
DPRINTF(("pfkeyv2_parsemessage: ADDRESS "
"extension header %d reserved field set\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sa->sa_len &&
(i != sizeof(struct sadb_address) +
@@ -488,7 +488,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
DPRINTF(("pfkeyv2_parsemessage: bad sockaddr "
"length field in ADDRESS extension "
"header %d\n", sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
switch(sa->sa_family) {
@@ -499,7 +499,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"invalid ADDRESS extension header "
"%d length\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sa->sa_len != sizeof(struct sockaddr_in)) {
@@ -507,7 +507,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"sockaddr_in length in ADDRESS "
"extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
/* Only check the right pieces */
@@ -526,7 +526,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"sockaddr_in of ADDRESS "
"extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
break;
}
@@ -542,7 +542,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"ADDRESS extension header "
"%d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
}
break;
@@ -554,7 +554,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"invalid sockaddr_in6 length in "
"ADDRESS extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sa->sa_len !=
@@ -563,7 +563,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"sockaddr_in6 length in ADDRESS "
"extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (((struct sockaddr_in6 *)sa)->sin6_flowinfo) {
@@ -572,7 +572,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"sockaddr_in6 of ADDRESS "
"extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
/* Only check the right pieces */
@@ -591,7 +591,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"sockaddr_in6 of ADDRESS "
"extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
break;
}
@@ -602,7 +602,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"address family %d in ADDRESS extension "
"header %d\n",
sa->sa_family, sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
}
break;
@@ -615,28 +615,28 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
DPRINTF(("pfkeyv2_parsemessage: bad header "
"length in KEY extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (!sadb_key->sadb_key_bits) {
DPRINTF(("pfkeyv2_parsemessage: key length "
"unset in KEY extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (((sadb_key->sadb_key_bits + 63) / 64) * sizeof(uint64_t) != i - sizeof(struct sadb_key)) {
DPRINTF(("pfkeyv2_parsemessage: invalid key "
"length in KEY extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_key->sadb_key_reserved) {
DPRINTF(("pfkeyv2_parsemessage: reserved field"
" set in KEY extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
}
break;
@@ -650,7 +650,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
DPRINTF(("pfkeyv2_parsemessage: bad header "
"length for AUTH extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_cred->sadb_x_cred_type > SADB_X_AUTHTYPE_MAX) {
@@ -658,14 +658,14 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"type %d in AUTH extension header %d\n",
sadb_cred->sadb_x_cred_type,
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_cred->sadb_x_cred_reserved) {
DPRINTF(("pfkeyv2_parsemessage: reserved field"
" set in AUTH extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
}
break;
@@ -679,7 +679,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
DPRINTF(("pfkeyv2_parsemessage: bad header "
"length of CREDENTIALS extension header "
"%d\n", sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_cred->sadb_x_cred_type > SADB_X_CREDTYPE_MAX) {
@@ -688,14 +688,14 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"extension header %d\n",
sadb_cred->sadb_x_cred_type,
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_cred->sadb_x_cred_reserved) {
DPRINTF(("pfkeyv2_parsemessage: reserved "
"field set in CREDENTIALS extension "
"header %d\n", sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
}
break;
@@ -708,7 +708,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
DPRINTF(("pfkeyv2_parsemessage: bad header "
"length of IDENTITY extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_ident->sadb_ident_type > SADB_IDENTTYPE_MAX) {
@@ -717,14 +717,14 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"header %d\n",
sadb_ident->sadb_ident_type,
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_ident->sadb_ident_reserved) {
DPRINTF(("pfkeyv2_parsemessage: reserved "
"field set in IDENTITY extension header "
"%d\n", sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (i > sizeof(struct sadb_ident)) {
@@ -737,7 +737,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"NUL-terminated identity in "
"IDENTITY extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
j = PADUP(strlen(c) + 1) +
@@ -749,7 +749,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"expected length in identity "
"extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
}
}
@@ -762,7 +762,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
DPRINTF(("pfkeyv2_parsemessage: bad header "
"length for SENSITIVITY extension "
"header\n"));
- return EINVAL;
+ return (EINVAL);
}
if (i != (sadb_sens->sadb_sens_sens_len +
@@ -772,7 +772,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
DPRINTF(("pfkeyv2_parsemessage: bad payload "
"length for SENSITIVITY extension "
"header\n"));
- return EINVAL;
+ return (EINVAL);
}
}
break;
@@ -783,20 +783,20 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
if (i < sizeof(struct sadb_prop)) {
DPRINTF(("pfkeyv2_parsemessage: bad PROPOSAL "
"header length\n"));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_prop->sadb_prop_reserved) {
DPRINTF(("pfkeyv2_parsemessage: reserved field"
"set in PROPOSAL extension header\n"));
- return EINVAL;
+ return (EINVAL);
}
if ((i - sizeof(struct sadb_prop)) %
sizeof(struct sadb_comb)) {
DPRINTF(("pfkeyv2_parsemessage: bad proposal "
"length\n"));
- return EINVAL;
+ return (EINVAL);
}
{
@@ -815,7 +815,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"algorithm %d in "
"PROPOSAL\n",
sadb_comb->sadb_comb_auth));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_comb->sadb_comb_encrypt >
@@ -825,14 +825,14 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"algorithm %d in "
"PROPOSAL\n",
sadb_comb->sadb_comb_encrypt));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_comb->sadb_comb_reserved) {
DPRINTF(("pfkeyv2_parsemessage"
": reserved field set in "
"COMB header\n"));
- return EINVAL;
+ return (EINVAL);
}
}
}
@@ -850,14 +850,14 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
DPRINTF(("pfkeyv2_parsemessage: bad header "
"length for SUPPORTED extension header "
"%d\n", sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_supported->sadb_supported_reserved) {
DPRINTF(("pfkeyv2_parsemessage: reserved "
"field set in SUPPORTED extension "
"header %d\n", sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
{
@@ -878,7 +878,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"header %d\n",
sadb_alg->sadb_alg_id,
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_alg->sadb_alg_reserved) {
@@ -888,7 +888,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
"header inside SUPPORTED "
"extension header %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
sadb_alg++;
@@ -904,14 +904,14 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
if (i != sizeof(struct sadb_spirange)) {
DPRINTF(("pfkeyv2_parsemessage: bad header "
"length of SPIRANGE extension header\n"));
- return EINVAL;
+ return (EINVAL);
}
if (sadb_spirange->sadb_spirange_min >
sadb_spirange->sadb_spirange_max) {
DPRINTF(("pfkeyv2_parsemessage: bad SPI "
"range\n"));
- return EINVAL;
+ return (EINVAL);
}
}
break;
@@ -919,7 +919,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
DPRINTF(("pfkeyv2_parsemessage: unknown extension "
"header type %d\n",
sadb_ext->sadb_ext_type));
- return EINVAL;
+ return (EINVAL);
}
headers[sadb_ext->sadb_ext_type] = p;
@@ -929,7 +929,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
if (left) {
DPRINTF(("pfkeyv2_parsemessage: message too long\n"));
- return EINVAL;
+ return (EINVAL);
}
{
@@ -940,7 +940,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
if ((seen & required) != required) {
DPRINTF(("pfkeyv2_parsemessage: required fields "
"missing\n"));
- return EINVAL;
+ return (EINVAL);
}
}
@@ -950,7 +950,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
SADB_SASTATE_MATURE) {
DPRINTF(("pfkeyv2_parsemessage: updating non-mature "
"SA prohibited\n"));
- return EINVAL;
+ return (EINVAL);
}
break;
case SADB_ADD:
@@ -958,10 +958,10 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
SADB_SASTATE_MATURE) {
DPRINTF(("pfkeyv2_parsemessage: adding non-mature "
"SA prohibited\n"));
- return EINVAL;
+ return (EINVAL);
}
break;
}
- return 0;
+ return (0);
}