-rw-r--r-- | sys/net/pfkeyv2.c | 91 | ||||
-rw-r--r-- | sys/net/pfkeyv2.h | 4 | ||||
-rw-r--r-- | sys/net/pfkeyv2_parsemessage.c | 10 |
3 files changed, 53 insertions, 52 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c index 66ccadf5bab..ab7d0f597d4 100644 --- a/sys/net/pfkeyv2.c +++ b/sys/net/pfkeyv2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2.c,v 1.58 2001/03/28 20:03:01 angelos Exp $ */ +/* $OpenBSD: pfkeyv2.c,v 1.59 2001/05/05 00:33:46 angelos Exp $ */ /* %%% copyright-nrl-97 This software is Copyright 1997-1998 by Randall Atkinson, Ronald Lee, @@ -494,21 +494,22 @@ import_credentials(struct tdb *tdb, struct sadb_cred *sadb_cred, int dstcred) if (dstcred) { - tdb->tdb_dst_cred_len = EXTLEN(sadb_cred) - sizeof(struct sadb_cred); - tdb->tdb_dst_cred_type = sadb_cred->sadb_cred_type; - MALLOC(tdb->tdb_dst_credentials, caddr_t, tdb->tdb_dst_cred_len, - M_XDATA, M_WAITOK); + tdb->tdb_remote_cred_len = EXTLEN(sadb_cred) - + sizeof(struct sadb_cred); + tdb->tdb_remote_cred_type = sadb_cred->sadb_cred_type; + MALLOC(tdb->tdb_remote_cred, caddr_t, tdb->tdb_remote_cred_len, + M_CREDENTIALS, M_WAITOK); bcopy((void *) sadb_cred + sizeof(struct sadb_cred), - tdb->tdb_dst_credentials, tdb->tdb_dst_cred_len); + tdb->tdb_remote_cred, tdb->tdb_remote_cred_len); } else { - tdb->tdb_src_cred_len = EXTLEN(sadb_cred) - sizeof(struct sadb_cred); - tdb->tdb_src_cred_type = sadb_cred->sadb_cred_type; - MALLOC(tdb->tdb_src_credentials, caddr_t, tdb->tdb_src_cred_len, - M_XDATA, M_WAITOK); + tdb->tdb_local_cred_len = EXTLEN(sadb_cred) - sizeof(struct sadb_cred); + tdb->tdb_local_cred_type = sadb_cred->sadb_cred_type; + MALLOC(tdb->tdb_local_cred, caddr_t, tdb->tdb_local_cred_len, + M_CREDENTIALS, M_WAITOK); bcopy((void *) sadb_cred + sizeof(struct sadb_cred), - tdb->tdb_src_credentials, tdb->tdb_src_cred_len); + tdb->tdb_local_cred, tdb->tdb_local_cred_len); } } 
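Review bot: In import_credentials, `tdb_remote_cred_len` and `tdb_local_cred_len` are computed as `EXTLEN(sadb_cred) - sizeof(struct sadb_cred)` from a length carried in the PF_KEY message, and nothing in this hunk bounds the result before it is passed to MALLOC with M_WAITOK and then to bcopy. If an extension shorter than the header could reach this point, the subtraction would wrap, so the code depends on pfkeyv2_parsemessage having rejected it; that parser's credentials case is touched later in this commit, but its checks are not shown. A guard such as `if (EXTLEN(sadb_cred) < sizeof(struct sadb_cred)) return;` ahead of the `if (dstcred)` test, or a comment naming the parser check being relied on, would make the dependency explicit. The import_identity hunks at -526 and -536 compute their lengths the same way, and the opening lines of these functions are outside the hunks, so a check may already exist there.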
@@ -526,7 +527,7 @@ import_identity(struct tdb *tdb, struct sadb_ident *sadb_ident, int type) tdb->tdb_srcid_len = EXTLEN(sadb_ident) - sizeof(struct sadb_ident); tdb->tdb_srcid_type = sadb_ident->sadb_ident_type; - MALLOC(tdb->tdb_srcid, u_int8_t *, tdb->tdb_srcid_len, M_XDATA, + MALLOC(tdb->tdb_srcid, u_int8_t *, tdb->tdb_srcid_len, M_CREDENTIALS, M_WAITOK); bcopy((void *) sadb_ident + sizeof(struct sadb_ident), tdb->tdb_srcid, tdb->tdb_srcid_len); @@ -536,7 +537,7 @@ import_identity(struct tdb *tdb, struct sadb_ident *sadb_ident, int type) tdb->tdb_dstid_len = EXTLEN(sadb_ident) - sizeof(struct sadb_ident); tdb->tdb_dstid_type = sadb_ident->sadb_ident_type; - MALLOC(tdb->tdb_dstid, u_int8_t *, tdb->tdb_dstid_len, M_XDATA, + MALLOC(tdb->tdb_dstid, u_int8_t *, tdb->tdb_dstid_len, M_CREDENTIALS, M_WAITOK); bcopy((void *) sadb_ident + sizeof(struct sadb_ident), tdb->tdb_dstid, tdb->tdb_dstid_len); @@ -551,22 +552,22 @@ export_credentials(void **p, struct tdb *tdb, int dstcred) if (dstcred) { sadb_cred->sadb_cred_len = (sizeof(struct sadb_cred) + - PADUP(tdb->tdb_dst_cred_len)) / + PADUP(tdb->tdb_remote_cred_len)) / sizeof(uint64_t); - sadb_cred->sadb_cred_type = tdb->tdb_dst_cred_type; + sadb_cred->sadb_cred_type = tdb->tdb_remote_cred_type; *p += sizeof(struct sadb_cred); - bcopy(tdb->tdb_dst_credentials, *p, tdb->tdb_dst_cred_len); - *p += PADUP(tdb->tdb_dst_cred_len); + bcopy(tdb->tdb_remote_cred, *p, tdb->tdb_remote_cred_len); + *p += PADUP(tdb->tdb_remote_cred_len); } else { sadb_cred->sadb_cred_len = (sizeof(struct sadb_cred) + - PADUP(tdb->tdb_src_cred_len)) / + PADUP(tdb->tdb_local_cred_len)) / sizeof(uint64_t); - sadb_cred->sadb_cred_type = tdb->tdb_src_cred_type; + sadb_cred->sadb_cred_type = tdb->tdb_local_cred_type; *p += sizeof(struct sadb_cred); - bcopy(tdb->tdb_src_credentials, *p, tdb->tdb_src_cred_len); - *p += PADUP(tdb->tdb_src_cred_len); + bcopy(tdb->tdb_local_cred, *p, tdb->tdb_local_cred_len); + *p += PADUP(tdb->tdb_local_cred_len); } } 
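Review bot: In export_credentials, each branch copies `tdb_remote_cred_len` (or `tdb_local_cred_len`) bytes and then advances `*p` by `PADUP()` of that length, so the padding bytes after the credential are never written here. Unless the caller zeroes the whole output buffer first, which is outside this hunk, those bytes would carry stale kernel memory into the message returned on the PF_KEY socket. If that guarantee exists, record it at the top of the function, e.g. `/* Caller must pass a zeroed buffer: the PADUP() tail is not cleared here. */`; otherwise clear the tail explicitly after each bcopy.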
@@ -1059,15 +1060,15 @@ pfkeyv2_get(struct tdb *sa, void **headers, void **buffer) } /* Export credentials, if present */ - if (sa->tdb_src_credentials) + if (sa->tdb_local_cred) { - headers[SADB_X_EXT_SRC_CREDENTIALS] = p; + headers[SADB_X_EXT_LOCAL_CREDENTIALS] = p; export_credentials(&p, sa, 0); } - if (sa->tdb_dst_credentials) + if (sa->tdb_remote_cred) { - headers[SADB_X_EXT_DST_CREDENTIALS] = p; + headers[SADB_X_EXT_REMOTE_CREDENTIALS] = p; export_credentials(&p, sa, 1); } @@ -1384,10 +1385,10 @@ pfkeyv2_send(struct socket *socket, void *message, int len) PFKEYV2_IDENTITY_SRC); import_identity(newsa, headers[SADB_EXT_IDENTITY_DST], PFKEYV2_IDENTITY_DST); - import_credentials(newsa, headers[SADB_X_EXT_SRC_CREDENTIALS], - 0); - import_credentials(newsa, headers[SADB_X_EXT_DST_CREDENTIALS], - 1); + import_credentials(newsa, + headers[SADB_X_EXT_LOCAL_CREDENTIALS], 0); + import_credentials(newsa, + headers[SADB_X_EXT_REMOTE_CREDENTIALS], 1); headers[SADB_EXT_KEY_AUTH] = NULL; headers[SADB_EXT_KEY_ENCRYPT] = NULL; @@ -1502,10 +1503,10 @@ pfkeyv2_send(struct socket *socket, void *message, int len) import_identity(newsa, headers[SADB_EXT_IDENTITY_DST], PFKEYV2_IDENTITY_DST); - import_credentials(newsa, headers[SADB_X_EXT_SRC_CREDENTIALS], - 0); - import_credentials(newsa, headers[SADB_X_EXT_DST_CREDENTIALS], - 1); + import_credentials(newsa, + headers[SADB_X_EXT_LOCAL_CREDENTIALS], 0); + import_credentials(newsa, + headers[SADB_X_EXT_REMOTE_CREDENTIALS], 1); headers[SADB_EXT_KEY_AUTH] = NULL; headers[SADB_EXT_KEY_ENCRYPT] = NULL; @@ -1907,7 +1908,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len) { /* Allocate policy entry */ MALLOC(ipo, struct ipsec_policy *, sizeof(struct ipsec_policy), - M_TDB, M_NOWAIT); + M_IPSEC_POLICY, M_NOWAIT); if (ipo == NULL) { rval = ENOMEM; @@ -1957,7 +1958,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len) default: if (!exists) - FREE(ipo, M_TDB); + FREE(ipo, M_IPSEC_POLICY); else { s = spltdb(); 
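Review bot: The switch of the policy entry to `M_IPSEC_POLICY` in pfkeyv2_send (the MALLOC at -1907 and the FREE at -1957), together with the moves to `M_CREDENTIALS` elsewhere in this file, is only safe if every other site that frees these objects passes the same type. The three files listed here contain no release path for `tdb_local_cred`, `tdb_remote_cred`, `tdb_srcid` or `tdb_dstid`, so those frees live outside this diff and cannot be checked from it; a leftover `M_XDATA`, `M_TEMP` or `M_TDB` there would presumably skew the per-type allocation accounting. A comment at the allocation, such as `/* Freed as M_IPSEC_POLICY; keep every FREE of a policy entry in step. */`, would help the next change stay consistent. pfkeyv2_send starts and ends outside these hunks.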
@@ -1990,13 +1991,13 @@ pfkeyv2_send(struct socket *socket, void *message, int len) ipo->ipo_sproto = SADB_GETSPROTO(smsg->sadb_msg_satype); if (ipo->ipo_srcid) { - FREE(ipo->ipo_srcid, M_TEMP); + FREE(ipo->ipo_srcid, M_CREDENTIALS); ipo->ipo_srcid = NULL; } if (ipo->ipo_dstid) { - FREE(ipo->ipo_dstid, M_TEMP); + FREE(ipo->ipo_dstid, M_CREDENTIALS); ipo->ipo_dstid = NULL; } @@ -2006,7 +2007,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len) ipo->ipo_srcid_len = (sid->sadb_ident_len * sizeof(u_int64_t)) - sizeof(struct sadb_ident); MALLOC(ipo->ipo_srcid, u_int8_t *, ipo->ipo_srcid_len, - M_TEMP, M_DONTWAIT); + M_CREDENTIALS, M_DONTWAIT); if (ipo->ipo_srcid == NULL) { if (exists) @@ -2016,7 +2017,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len) splx(s); } else - FREE(ipo, M_TDB); + FREE(ipo, M_IPSEC_POLICY); rval = ENOBUFS; goto ret; } @@ -2031,7 +2032,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len) sizeof(struct sadb_ident); MALLOC(ipo->ipo_dstid, u_int8_t *, ipo->ipo_dstid_len, - M_TEMP, M_DONTWAIT); + M_CREDENTIALS, M_DONTWAIT); if (ipo->ipo_dstid == NULL) { if (exists) @@ -2043,8 +2044,8 @@ pfkeyv2_send(struct socket *socket, void *message, int len) else { if (ipo->ipo_dstid) - FREE(ipo->ipo_dstid, M_TEMP); - FREE(ipo, M_TDB); + FREE(ipo->ipo_dstid, M_CREDENTIALS); + FREE(ipo, M_IPSEC_POLICY); } rval = ENOBUFS; @@ -2074,10 +2075,10 @@ pfkeyv2_send(struct socket *socket, void *message, int len) } if (ipo->ipo_srcid) - FREE(ipo->ipo_srcid, M_TEMP); + FREE(ipo->ipo_srcid, M_CREDENTIALS); if (ipo->ipo_dstid) - FREE(ipo->ipo_dstid, M_TEMP); - FREE(ipo, M_TDB); /* Free policy entry */ + FREE(ipo->ipo_dstid, M_CREDENTIALS); + FREE(ipo, M_IPSEC_POLICY); /* Free policy entry */ goto ret; } diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h index 24f89895fe5..ad46d758392 100644 --- a/sys/net/pfkeyv2.h +++ b/sys/net/pfkeyv2.h 
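Review bot: In the pfkeyv2_send hunk at -2043, the cleanup under `if (ipo->ipo_dstid == NULL)` tests `if (ipo->ipo_dstid)` before `FREE(ipo->ipo_dstid, M_CREDENTIALS)`, which can never be true on that path, while the `ipo_srcid` buffer allocated just above is not released before `FREE(ipo, M_IPSEC_POLICY)`. This looks like a copy-and-paste slip that the tag change carries forward, and it would leak the source identity each time the destination identity allocation fails for a new policy. The intended lines are probably `if (ipo->ipo_srcid)` followed by `FREE(ipo->ipo_srcid, M_CREDENTIALS);`. The lines between the -2031 and -2043 hunks are not shown, so the pairing of this `else` with `if (exists)` is inferred.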
@@ -200,8 +200,8 @@ struct sadb_cred { #define SADB_X_EXT_SA2 23 #define SADB_X_EXT_DST2 24 #define SADB_X_EXT_POLICY 25 -#define SADB_X_EXT_SRC_CREDENTIALS 26 -#define SADB_X_EXT_DST_CREDENTIALS 27 +#define SADB_X_EXT_LOCAL_CREDENTIALS 26 +#define SADB_X_EXT_REMOTE_CREDENTIALS 27 #define SADB_EXT_MAX 27 /* Fix pfkeyv2.c struct pfkeyv2_socket if SATYPE_MAX > 31 */ diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c index ef6f94a3b60..0948674f8e9 100644 --- a/sys/net/pfkeyv2_parsemessage.c +++ b/sys/net/pfkeyv2_parsemessage.c @@ -60,9 +60,9 @@ you didn't get a copy, you may request one from <license@inner.net>. #define BITMAP_X_SA2 (1 << SADB_X_EXT_SA2) #define BITMAP_X_DST2 (1 << SADB_X_EXT_DST2) #define BITMAP_X_POLICY (1 << SADB_X_EXT_POLICY) -#define BITMAP_X_SRC_CREDENTIALS (1 << SADB_X_EXT_SRC_CREDENTIALS) -#define BITMAP_X_DST_CREDENTIALS (1 << SADB_X_EXT_DST_CREDENTIALS) -#define BITMAP_X_CREDENTIALS (BITMAP_X_SRC_CREDENTIALS | BITMAP_X_DST_CREDENTIALS) +#define BITMAP_X_LOCAL_CREDENTIALS (1 << SADB_X_EXT_LOCAL_CREDENTIALS) +#define BITMAP_X_REMOTE_CREDENTIALS (1 << SADB_X_EXT_REMOTE_CREDENTIALS) +#define BITMAP_X_CREDENTIALS (BITMAP_X_LOCAL_CREDENTIALS | BITMAP_X_REMOTE_CREDENTIALS) #define BITMAP_X_FLOW (BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW) uint32_t sadb_exts_allowed_in[SADB_MAX+1] = @@ -418,8 +418,8 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) return EINVAL; } break; - case SADB_X_EXT_SRC_CREDENTIALS: - case SADB_X_EXT_DST_CREDENTIALS: + case SADB_X_EXT_LOCAL_CREDENTIALS: + case SADB_X_EXT_REMOTE_CREDENTIALS: { struct sadb_cred *sadb_cred = (struct sadb_cred *)p; |