-rw-r--r--sbin/ipsecadm/ipsecadm.c14
-rw-r--r--sbin/isakmpd/pf_key_v2.c165
-rw-r--r--sbin/isakmpd/sysdep/openbsd/sysdep-os.h30
-rw-r--r--sbin/photurisd/kernel.c12
-rw-r--r--sys/net/pfkeyv2.c90
-rw-r--r--sys/net/pfkeyv2.h76
-rw-r--r--sys/net/pfkeyv2_parsemessage.c18
7 files changed, 220 insertions, 185 deletions
diff --git a/sbin/ipsecadm/ipsecadm.c b/sbin/ipsecadm/ipsecadm.c
index 0bbf79a8a99..f114c55e066 100644
--- a/sbin/ipsecadm/ipsecadm.c
+++ b/sbin/ipsecadm/ipsecadm.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecadm.c,v 1.54 2001/05/30 16:44:41 angelos Exp $ */
+/* $OpenBSD: ipsecadm.c,v 1.55 2001/06/05 00:17:47 niklas Exp $ */
/*
* The authors of this code are John Ioannidis (ji@tla.org),
* Angelos D. Keromytis (kermit@csd.uch.gr) and
@@ -1103,7 +1103,7 @@ main(int argc, char **argv)
{
/* Setup everything for a bypass flow */
bypass = 1;
- sprotocol2.sadb_protocol_proto = FLOW_X_TYPE_BYPASS;
+ sprotocol2.sadb_protocol_proto = SADB_X_FLOW_TYPE_BYPASS;
continue;
}
@@ -1112,7 +1112,7 @@ main(int argc, char **argv)
{
/* Setup everything for a deny flow */
deny = 1;
- sprotocol2.sadb_protocol_proto = FLOW_X_TYPE_DENY;
+ sprotocol2.sadb_protocol_proto = SADB_X_FLOW_TYPE_DENY;
continue;
}
@@ -1120,7 +1120,7 @@ main(int argc, char **argv)
!bypass && !ipsec)
{
ipsec = 1;
- sprotocol2.sadb_protocol_proto = FLOW_X_TYPE_USE;
+ sprotocol2.sadb_protocol_proto = SADB_X_FLOW_TYPE_USE;
continue;
}
@@ -1128,7 +1128,7 @@ main(int argc, char **argv)
!bypass && !ipsec)
{
ipsec = 1;
- sprotocol2.sadb_protocol_proto = FLOW_X_TYPE_ACQUIRE;
+ sprotocol2.sadb_protocol_proto = SADB_X_FLOW_TYPE_ACQUIRE;
continue;
}
@@ -1136,7 +1136,7 @@ main(int argc, char **argv)
!bypass && !ipsec)
{
ipsec = 1;
- sprotocol2.sadb_protocol_proto = FLOW_X_TYPE_REQUIRE;
+ sprotocol2.sadb_protocol_proto = SADB_X_FLOW_TYPE_REQUIRE;
continue;
}
@@ -1144,7 +1144,7 @@ main(int argc, char **argv)
!bypass && !ipsec)
{
ipsec = 1;
- sprotocol2.sadb_protocol_proto = FLOW_X_TYPE_DONTACQ;
+ sprotocol2.sadb_protocol_proto = SADB_X_FLOW_TYPE_DONTACQ;
continue;
}
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index 6368c508c4a..31e2dc8bc4b 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.55 2001/05/31 20:30:29 angelos Exp $ */
+/* $OpenBSD: pf_key_v2.c,v 1.56 2001/06/05 00:17:46 niklas Exp $ */
/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
/*
@@ -760,8 +760,8 @@ pf_key_v2_set_spi (struct sa *sa, struct proto *proto, int incoming,
int dstlen, srclen, keylen, hashlen, err;
struct pf_key_v2_msg *update = 0, *ret = 0;
struct ipsec_proto *iproto = proto->data;
-#if defined(SADB_CREDTYPE_NONE) || defined(SADB_AUTHTYPE_NONE)
- struct sadb_cred *cred;
+#if defined (SADB_X_CREDTYPE_NONE) || defined (SADB_X_AUTHTYPE_NONE)
+ struct sadb_x_cred *cred;
#endif
size_t len;
#ifdef KAME
@@ -1217,7 +1217,7 @@ pf_key_v2_set_spi (struct sa *sa, struct proto *proto, int incoming,
free (sid);
}
-#ifdef SADB_CREDTYPE_NONE
+#ifdef SADB_X_CREDTYPE_NONE
/*
* Send received credentials to the kernel. We don't bother with
* our credentials, since the process either knows them (if it specified
@@ -1232,28 +1232,28 @@ pf_key_v2_set_spi (struct sa *sa, struct proto *proto, int incoming,
/* Nothing to be done */
break;
+#if defined (USE_KEYNOTE) && defined (SADB_X_EXT_REMOTE_CREDENTIALS)
case ISAKMP_CERTENC_KEYNOTE:
-#ifdef USE_KEYNOTE
len = strlen (isakmp_sa->recv_cert);
cred = calloc (PF_KEY_V2_ROUND (len) + sizeof *cred,
- sizeof(u_int8_t));
+ sizeof (u_int8_t));
if (!cred)
goto cleanup;
- cred->sadb_cred_len = ((sizeof *cred) / PF_KEY_V2_CHUNK) +
+ cred->sadb_x_cred_len = ((sizeof *cred) / PF_KEY_V2_CHUNK) +
PF_KEY_V2_ROUND (len) / PF_KEY_V2_CHUNK;
- cred->sadb_cred_exttype = SADB_X_EXT_REMOTE_CREDENTIALS;
- cred->sadb_cred_type = SADB_CREDTYPE_KEYNOTE;
- memcpy(cred + 1, isakmp_sa->recv_cert, len);
+ cred->sadb_x_cred_exttype = SADB_X_EXT_REMOTE_CREDENTIALS;
+ cred->sadb_x_cred_type = SADB_X_CREDTYPE_KEYNOTE;
+ memcpy (cred + 1, isakmp_sa->recv_cert, len);
if (pf_key_v2_msg_add (update, (struct sadb_ext *)cred,
PF_KEY_V2_NODE_MALLOCED) == -1)
goto cleanup;
-#endif /* USE_KEYNOTE */
break;
+#endif /* USE_KEYNOTE */
+#if defined (USE_X509) && defined (SADB_X_EXT_REMOTE_CREDENTIALS)
case ISAKMP_CERTENC_X509_SIG:
-#ifdef USE_X509
{
u_int8_t *data;
u_int32_t datalen;
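Review bot: The KeyNote branch sizes the payload with `strlen (isakmp_sa->recv_cert)` and copies exactly that many bytes, so the terminating NUL reaches the kernel only if the rounding padding leaves a spare zero byte from calloc. pfkeyv2.h in this same commit documents SADB_X_CREDTYPE_KEYNOTE as a NUL-terminated buffer, so when len is already a multiple of the chunk size (assuming PF_KEY_V2_ROUND rounds up to it; its definition is not in the hunk) the credential would arrive unterminated. Consider `len = strlen (isakmp_sa->recv_cert) + 1;` so the terminator is part of the counted data. pf_key_v2_set_spi starts and ends outside this hunk.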
@@ -1269,31 +1269,31 @@ pf_key_v2_set_spi (struct sa *sa, struct proto *proto, int incoming,
len = datalen;
cred = calloc (PF_KEY_V2_ROUND (len) + sizeof *cred,
- sizeof(u_int8_t));
+ sizeof (u_int8_t));
if (!cred)
{
free (data);
goto cleanup;
}
- cred->sadb_cred_len = ((sizeof *cred) / PF_KEY_V2_CHUNK) +
+ cred->sadb_x_cred_len = ((sizeof *cred) / PF_KEY_V2_CHUNK) +
PF_KEY_V2_ROUND (len) / PF_KEY_V2_CHUNK;
- cred->sadb_cred_exttype = SADB_X_EXT_REMOTE_CREDENTIALS;
- cred->sadb_cred_type = SADB_CREDTYPE_X509;
- memcpy(cred + 1, data, len);
+ cred->sadb_x_cred_exttype = SADB_X_EXT_REMOTE_CREDENTIALS;
+ cred->sadb_x_cred_type = SADB_X_CREDTYPE_X509;
+ memcpy (cred + 1, data, len);
free (data);
if (pf_key_v2_msg_add (update, (struct sadb_ext *)cred,
PF_KEY_V2_NODE_MALLOCED) == -1)
goto cleanup;
}
-#endif /* USE_X509 */
break;
+#endif /* USE_X509 */
}
}
-#endif /* SADB_CREDTYPE_NONE */
+#endif /* SADB_X_CREDTYPE_NONE */
-#ifdef SADB_AUTHTYPE_NONE
+#ifdef SADB_X_AUTHTYPE_NONE
/* Tell the kernel what the peer used to authenticate, unless passphrase */
if (isakmp_sa->recv_key)
{
@@ -1316,23 +1316,23 @@ pf_key_v2_set_spi (struct sa *sa, struct proto *proto, int incoming,
if (!data)
goto cleanup;
- cred = calloc (PF_KEY_V2_ROUND(len) + sizeof *cred, sizeof (u_int8_t));
+ cred = calloc (PF_KEY_V2_ROUND (len) + sizeof *cred, sizeof (u_int8_t));
if (!cred)
{
free (data);
goto cleanup;
}
- cred->sadb_cred_len = ((sizeof *cred) / PF_KEY_V2_CHUNK) +
+ cred->sadb_x_cred_len = ((sizeof *cred) / PF_KEY_V2_CHUNK) +
PF_KEY_V2_ROUND (len) / PF_KEY_V2_CHUNK;
- cred->sadb_cred_exttype = SADB_X_EXT_REMOTE_AUTH;
- memcpy(cred + 1, data, len);
+ cred->sadb_x_cred_exttype = SADB_X_EXT_REMOTE_AUTH;
+ memcpy (cred + 1, data, len);
free (data);
switch (isakmp_sa->recv_keytype)
{
case ISAKMP_KEY_RSA:
- cred->sadb_cred_type = SADB_AUTHTYPE_RSA;
+ cred->sadb_x_cred_type = SADB_X_AUTHTYPE_RSA;
break;
default:
@@ -1347,7 +1347,7 @@ pf_key_v2_set_spi (struct sa *sa, struct proto *proto, int incoming,
goto cleanup;
}
doneauth:
-#endif /* SADB_AUTHTYPE_NONE */
+#endif /* SADB_X_AUTHTYPE_NONE */
/* XXX Here can sensitivity extensions be setup. */
@@ -1441,7 +1441,7 @@ pf_key_v2_flow (in_addr_t laddr, in_addr_t lmask, in_addr_t raddr,
size_t len;
int err;
-#if !defined (SADB_X_SAFLAGS_INGRESS_FLOW) && !defined(SADB_X_EXT_FLOW_TYPE)
+#if !defined (SADB_X_SAFLAGS_INGRESS_FLOW) && !defined (SADB_X_EXT_FLOW_TYPE)
if (ingress)
return 0;
#endif
@@ -1518,7 +1518,7 @@ pf_key_v2_flow (in_addr_t laddr, in_addr_t lmask, in_addr_t raddr,
flowtype.sadb_protocol_len = sizeof flowtype / PF_KEY_V2_CHUNK;
flowtype.sadb_protocol_direction
= ingress ? IPSP_DIRECTION_IN : IPSP_DIRECTION_OUT;
- flowtype.sadb_protocol_proto = FLOW_X_TYPE_REQUIRE;
+ flowtype.sadb_protocol_proto = SADB_X_FLOW_TYPE_REQUIRE;
if (pf_key_v2_msg_add (flow, (struct sadb_ext *)&flowtype, 0) == -1)
goto cleanup;
@@ -1987,7 +1987,7 @@ pf_key_v2_conf_refinc (int af, char *section)
unsigned char conn[22];
int num;
- if (section == NULL)
+ if (!section)
return 0;
num = conf_get_num (section, "Refcount", 0);
@@ -2009,7 +2009,7 @@ pf_key_v2_conf_refhandle (int af, char *section)
unsigned char conn[22];
int num;
- if (section == NULL)
+ if (!section)
return 0;
num = conf_get_num (section, "Refcount", 0);
@@ -2030,14 +2030,14 @@ pf_key_v2_conf_refhandle (int af, char *section)
/* Remove all dynamically-established configuration entries */
static int
-pf_key_v2_remove_conf(char *section)
+pf_key_v2_remove_conf (char *section)
{
char *ikepeer, *localid, *remoteid, *configname;
struct conf_list_node *attr;
struct conf_list *attrs;
int af;
- if (section == NULL)
+ if (!section)
return 0;
if (!conf_get_str (section, "Phase"))
@@ -2436,12 +2436,12 @@ pf_key_v2_expire (struct pf_key_v2_msg *pmsg)
static void
pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
{
-#if !defined (SADB_X_ASKPOLICY)
+#ifndef SADB_X_ASKPOLICY
return;
#else
struct sadb_msg *msg, askpolicy_msg;
struct pf_key_v2_msg *askpolicy = 0, *ret = 0;
- struct sadb_policy policy;
+ struct sadb_x_policy policy;
struct sadb_address *dst = 0, *src = 0;
struct sockaddr *dstaddr, *srcaddr = 0;
struct sadb_comb *scmb = 0;
@@ -2458,12 +2458,12 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
char lname[100], dname[100], configname[30];
int shostflag = 0, dhostflag = 0;
struct pf_key_v2_node *ext;
- struct passwd *pwd = NULL;
+ struct passwd *pwd = 0;
u_int16_t sport = 0, dport = 0;
u_int8_t tproto = 0;
char tmbuf[sizeof sport * 3 + 1];
-#if defined(SADB_CREDTYPE_NONE)
- struct sadb_cred *cred, *sauth;
+#ifdef SADB_X_CREDTYPE_NONE
+ struct sadb_x_cred *cred = 0, *sauth = 0;
#endif
msg = (struct sadb_msg *)TAILQ_FIRST (pmsg)->seg;
@@ -2502,9 +2502,9 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
if (!askpolicy)
goto fail;
- policy.sadb_policy_exttype = SADB_X_EXT_POLICY;
- policy.sadb_policy_len = sizeof policy / PF_KEY_V2_CHUNK;
- policy.sadb_policy_seq = msg->sadb_msg_seq;
+ policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
+ policy.sadb_x_policy_len = sizeof policy / PF_KEY_V2_CHUNK;
+ policy.sadb_x_policy_seq = msg->sadb_msg_seq;
if (pf_key_v2_msg_add (askpolicy, (struct sadb_ext *)&policy, 0) == -1)
goto fail;
@@ -2520,7 +2520,7 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
log_print ("pf_key_v2_acquire: no source flow extension found");
goto fail;
}
- sflow = (struct sockaddr *) (((struct sadb_address *)ext->seg) + 1);
+ sflow = (struct sockaddr *)(((struct sadb_address *)ext->seg) + 1);
ext = pf_key_v2_find_ext (ret, SADB_X_EXT_DST_FLOW);
if (!ext)
@@ -2554,11 +2554,15 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
sproto = ext->seg;
tproto = sproto->sadb_protocol_proto;
-#if defined(SADB_CREDTYPE_NONE)
- cred = (struct sadb_cred *)pf_key_v2_find_ext (ret,
- SADB_X_EXT_LOCAL_CREDENTIALS);
+#ifdef SADB_X_EXT_LOCAL_CREDENTIALS
+ cred
+ = (struct sadb_x_cred *)pf_key_v2_find_ext (ret,
+ SADB_X_EXT_LOCAL_CREDENTIALS);
+#endif
- sauth = (struct sadb_cred *)pf_key_v2_find_ext (ret, SADB_X_EXT_LOCAL_AUTH);
+#ifdef SADB_X_EXT_LOCAL_AUTH
+ sauth = (struct sadb_x_cred *)pf_key_v2_find_ext (ret,
+ SADB_X_EXT_LOCAL_AUTH);
#endif
bzero (ssflow, sizeof ssflow);
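Review bot: The lookups are now guarded by `SADB_X_EXT_LOCAL_CREDENTIALS` and `SADB_X_EXT_LOCAL_AUTH`, but `cred` and `sauth` are declared earlier in pf_key_v2_acquire under `#ifdef SADB_X_CREDTYPE_NONE`, and the code that consumes them is under that same macro. On a header that defines the extension numbers but not the renamed credential types, these assignments would reference undeclared variables; the removed lines suggest the older pfkeyv2.h is such a header, though that is not visible here. Using one guard for declaration, lookup and use, e.g. `#if defined (SADB_X_CREDTYPE_NONE) && defined (SADB_X_EXT_LOCAL_CREDENTIALS)`, keeps the three in step.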
@@ -2727,7 +2731,7 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
if (srcident->sadb_ident_id)
{
pwd = getpwuid (srcident->sadb_ident_id);
- if (pwd == NULL)
+ if (!pwd)
{
log_error ("pf_key_v2_acquire: could not acquire "
"username from provided ID %d",
@@ -2764,7 +2768,7 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
strlcat (srcid + strlen ("ID:/") + strlen (prefstring),
pwd->pw_name,
strlen (prefstring) + 1 + strlen ("ID:/"));
- pwd = NULL;
+ pwd = 0;
/* Set the section if it doesn't already exist */
af = conf_begin ();
@@ -2833,7 +2837,7 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
if (dstident->sadb_ident_id)
{
pwd = getpwuid (dstident->sadb_ident_id);
- if (pwd == NULL)
+ if (!pwd)
{
log_error ("pf_key_v2_acquire: could not acquire "
"username from provided ID %d",
@@ -2870,7 +2874,7 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
strlcat (dstid + strlen ("ID:/") + strlen (prefstring),
pwd->pw_name,
strlen (prefstring) + 1 + strlen ("ID:/"));
- pwd = NULL;
+ pwd = 0;
/* Set the section if it doesn't already exist */
af = conf_begin ();
@@ -3160,18 +3164,18 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
goto fail;
}
-#if defined(SADB_CREDTYPE_NONE)
+#ifdef SADB_X_CREDTYPE_NONE
/* Store any credentials passed to us */
- if (cred != NULL)
+ if (cred)
{
- struct cert_handler *handler = NULL;
+ struct cert_handler *handler = 0;
void *cert;
char num[10], *certprint;
/* Convert to bytes in-place */
- cred->sadb_cred_len *= PF_KEY_V2_CHUNK;
+ cred->sadb_x_cred_len *= PF_KEY_V2_CHUNK;
- if (cred->sadb_cred_len <= sizeof *cred)
+ if (cred->sadb_x_cred_len <= sizeof *cred)
{
log_error ("pf_key_v2_set_spi: zero-length credentials, "
"aborting SA acquisition");
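Review bot: `cred->sadb_x_cred_len *= PF_KEY_V2_CHUNK;` converts the length to bytes inside a field that pfkeyv2.h declares as uint16_t, so an extension longer than 65535 bytes wraps before the `<= sizeof *cred` check and before the length is handed to the certificate handler. The wrapped value under-reports the payload rather than over-reading it, but the credential is then parsed truncated and the kernel's message has been modified in place. Keeping the byte count in a local, `size_t credlen = (size_t)cred->sadb_x_cred_len * PF_KEY_V2_CHUNK;`, avoids both. The same pattern is applied to `sauth->sadb_x_cred_len` in the later Phase 1 hunk.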
@@ -3179,24 +3183,24 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
goto fail;
}
- switch (cred->sadb_cred_type)
+ switch (cred->sadb_x_cred_type)
{
- case SADB_CREDTYPE_X509:
+ case SADB_X_CREDTYPE_X509:
sprintf (num, "%d", ISAKMP_CERTENC_X509_SIG);
handler = cert_get (ISAKMP_CERTENC_X509_SIG);
break;
- case SADB_CREDTYPE_KEYNOTE:
+ case SADB_X_CREDTYPE_KEYNOTE:
sprintf (num, "%d", ISAKMP_CERTENC_KEYNOTE);
handler = cert_get (ISAKMP_CERTENC_KEYNOTE);
break;
default:
log_error ("pf_key_v2_set_spi: unknown credential type %d",
- cred->sadb_cred_type);
+ cred->sadb_x_cred_type);
conf_end (af, 0);
goto fail;
}
- if (handler == NULL)
+ if (!handler)
{
log_error ("pf_key_v2_set_spi: cert_get (%s) failed", num);
conf_end (af, 0);
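Review bot: The log_error calls in this block are prefixed `pf_key_v2_set_spi:` although the hunk header places them in pf_key_v2_acquire, which points anyone reading the daemon log at the wrong function when an acquire fails on bad credentials. The prefix should read `pf_key_v2_acquire:`, as the flow-extension and getpwuid messages elsewhere in this function already do. The same applies to the messages in the neighbouring credential and authentication hunks.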
@@ -3212,13 +3216,13 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
/* Get the certificate */
cert = handler->cert_get ((u_int8_t *)(cred + 1),
- cred->sadb_cred_len - sizeof *cred);
+ cred->sadb_x_cred_len - sizeof *cred);
/* Now convert to printable format */
certprint = handler->cert_printable (cert);
handler->cert_free (cert);
- if (certprint == NULL ||
- conf_set (af, peer, "Credentials", certprint, 0, 0))
+ if (!certprint
+ || conf_set (af, peer, "Credentials", certprint, 0, 0))
{
if (certprint)
free (certprint);
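Review bot: The result of `handler->cert_get (...)` is passed straight to `handler->cert_printable (cert)` and `handler->cert_free (cert)` without a null check; only `certprint` is tested afterwards. Whether the handlers tolerate a null certificate is not visible in this hunk, so a credential blob that fails to parse may be dereferenced here. A guard such as `if (!cert) { conf_end (af, 0); goto fail; }` before the conversion would make the failure path explicit.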
@@ -3227,30 +3231,30 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
}
free (certprint);
}
-#endif /* SADB_CREDTYPE_NONE */
+#endif /* SADB_X_CREDTYPE_NONE */
/* Phase 1 configuration */
if (!conf_get_str (confname, "exchange_type"))
{
-#if defined(SADB_CREDTYPE_NONE)
+#ifdef SADB_X_CREDTYPE_NONE
/* We may have been provided with authentication material */
- if (sauth != NULL)
+ if (sauth)
{
u_int8_t *authm;
/* Convert to bytes in-place */
- sauth->sadb_cred_len *= PF_KEY_V2_CHUNK;
+ sauth->sadb_x_cred_len *= PF_KEY_V2_CHUNK;
- switch (sauth->sadb_cred_type)
+ switch (sauth->sadb_x_cred_type)
{
- case SADB_AUTHTYPE_PASSPHRASE:
+ case SADB_X_AUTHTYPE_PASSPHRASE:
if (conf_set (af, confname, "Transforms", "3DES-SHA", 0, 0))
{
conf_end (af, 0);
goto fail;
}
- if (sauth->sadb_cred_len <= sizeof *sauth)
+ if (sauth->sadb_x_cred_len <= sizeof *sauth)
{
log_error ("pf_key_v2_set_spi: zero-length passphrase, "
"aborting SA acquisition");
@@ -3258,16 +3262,16 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
goto fail;
}
- authm = malloc (sauth->sadb_cred_len - sizeof *sauth + 1);
- if (authm == NULL)
+ authm = malloc (sauth->sadb_x_cred_len - sizeof *sauth + 1);
+ if (!authm)
{
log_error ("pf_key_v2_set_spi: malloc (%d) failed",
- sauth->sadb_cred_len - sizeof *sauth + 1);
+ sauth->sadb_x_cred_len - sizeof *sauth + 1);
conf_end (af, 0);
goto fail;
}
memcpy (authm, sauth + 1,
- sauth->sadb_cred_len - sizeof *sauth + 1);
+ sauth->sadb_x_cred_len - sizeof *sauth + 1);
/* Set the passphrase in the peer */
if (conf_set (af, peer, "Authentication", authm, 0, 0))
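Review bot: The passphrase copy reads one byte more than the extension carries: the payload is `sauth->sadb_x_cred_len - sizeof *sauth` bytes, yet the memcpy length adds 1, so the terminator of `authm` is whatever byte follows the extension in the received message. Copy only the payload and terminate explicitly, `memcpy (authm, sauth + 1, plen); authm[plen] = '\0';`, with `plen` holding the payload length. The malloc failure message also prints a size_t expression with `%d`.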
@@ -3279,7 +3283,7 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
free (authm);
break;
- case SADB_AUTHTYPE_RSA:
+ case SADB_X_AUTHTYPE_RSA:
if (conf_set (af, confname, "Transforms", "3DES-SHA-RSA_SIG",
0, 0))
{
@@ -3287,7 +3291,7 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
goto fail;
}
- if (sauth->sadb_cred_len <= sizeof *sauth)
+ if (sauth->sadb_x_cred_len <= sizeof *sauth)
{
log_error ("pf_key_v2_set_spi: zero-length RSA key, "
"aborting SA acquisition");
@@ -3298,12 +3302,13 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
authm = key_printable (ISAKMP_KEY_RSA,
ISAKMP_KEYTYPE_PRIVATE,
(u_int8_t *) sauth + 1,
- sauth->sadb_cred_len - sizeof *sauth);
- if (authm == NULL)
+ sauth->sadb_x_cred_len
+ - sizeof *sauth);
+ if (!authm)
{
log_error ("pf_key_v2_set_spi: failed to convert "
"private key to printable format (size %d)",
- sauth->sadb_cred_len - sizeof *sauth);
+ sauth->sadb_x_cred_len - sizeof *sauth);
conf_end (af, 0);
goto fail;
}
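Review bot: `(u_int8_t *) sauth + 1` applies the cast before the addition, so key_printable receives a pointer one byte into the sadb_x_cred header instead of the key material that follows it, while the length argument is still the payload size. The buffer handed to the converter therefore starts inside the header and stops short of the end of the key. The passphrase branch uses `sauth + 1` and the credential path uses `(u_int8_t *)(cred + 1)`; this call should match them with `(u_int8_t *)(sauth + 1)`. The failure message also formats a size_t expression with `%d`.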
@@ -3327,13 +3332,13 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
default:
log_error ("pf_key_v2_set_spi: unknown authentication "
"material type %d received from kernel",
- sauth->sadb_cred_type);
+ sauth->sadb_x_cred_type);
conf_end (af, 0);
goto fail;
}
}
else /* Fall through */
-#endif /* SADB_CREDTYPE_NONE */
+#endif /* SADB_X_CREDTYPE_NONE */
/* XXX Default transform set should be settable */
if (conf_set (af, confname, "Transforms", "3DES-SHA-RSA_SIG", 0, 0))
{
diff --git a/sbin/isakmpd/sysdep/openbsd/sysdep-os.h b/sbin/isakmpd/sysdep/openbsd/sysdep-os.h
index c427ed683ec..aca2bce41be 100644
--- a/sbin/isakmpd/sysdep/openbsd/sysdep-os.h
+++ b/sbin/isakmpd/sysdep/openbsd/sysdep-os.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sysdep-os.h,v 1.4 1999/07/08 17:49:35 niklas Exp $ */
+/* $OpenBSD: sysdep-os.h,v 1.5 2001/06/05 00:17:47 niklas Exp $ */
/* $EOM: sysdep-os.h,v 1.3 1999/07/08 16:48:40 niklas Exp $ */
/*
@@ -37,10 +37,12 @@
#ifndef _SYSDEP_OS_H_
#define _SYSDEP_OS_H_
-#ifdef SADB_EXT_X_SRC_MASK
-
-/* Non-conformant PF_KEYv2 extensions, transform them into being conformant. */
+/*
+ * OpenBSD has at various times had non-conformant PF_KEYv2 definitions.
+ * Here we transform them into being conformant.
+ */
+#ifdef SADB_EXT_X_SRC_MASK
#define SADB_X_EXT_SRC_MASK SADB_EXT_X_SRC_MASK
#define SADB_X_EXT_DST_MASK SADB_EXT_X_DST_MASK
#define SADB_X_EXT_PROTOCOL SADB_EXT_X_PROTOCOL
@@ -69,4 +71,24 @@
#endif /* SADB_EXT_X_SRC_MASK */
+#if defined (SADB_IDENTTYPE_MBOX) && !defined (SADB_IDENTTYPE_USERFQDN)
+#define SADB_IDENTTYPE_USERFQDN SADB_IDENTTYPE_MBOX
+#endif
+
+#ifdef FLOW_X_TYPE_USE
+#define SADB_X_FLOW_TYPE_USE FLOW_X_TYPE_USE
+#define SADB_X_FLOW_TYPE_ACQUIRE FLOW_X_TYPE_ACQUIRE
+#define SADB_X_FLOW_TYPE_REQUIRE FLOW_X_TYPE_REQUIRE
+#define SADB_X_FLOW_TYPE_BYPASS FLOW_X_TYPE_BYPASS
+#define SADB_X_FLOW_TYPE_DENY FLOW_X_TYPE_DENY
+#define SADB_X_FLOW_TYPE_DONTACQ FLOW_X_TYPE_DONTACQ
+#endif
+
+#if OPENBSD_IPSEC_API_VERSION == 1
+#define sadb_x_policy sadb_policy
+#define sadb_x_policy_len sadb_policy_len
+#define sadb_x_policy_exttype sadb_policy_exttype
+#define sadb_x_policy_seq sadb_policy_seq
+#endif
+
#endif /* _SYSDEP_OS_H_ */
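Review bot: The compatibility block maps the policy structure and the flow types for older headers but adds no mapping for `struct sadb_x_cred`, its members, or the `SADB_X_CREDTYPE_*` / `SADB_X_AUTHTYPE_*` constants that pf_key_v2.c now tests. On a system whose pfkeyv2.h still uses the old names, the credential and authentication passing in isakmpd would compile out silently rather than keep working; if that is intended, a comment saying so would help. `#if OPENBSD_IPSEC_API_VERSION == 1` also relies on an undefined macro evaluating to 0 with the new header, where the macro is now `_OPENBSD_IPSEC_API_VERSION`. Writing `#if defined (OPENBSD_IPSEC_API_VERSION) && OPENBSD_IPSEC_API_VERSION == 1` states that explicitly.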
diff --git a/sbin/photurisd/kernel.c b/sbin/photurisd/kernel.c
index fe593952510..598843f17ff 100644
--- a/sbin/photurisd/kernel.c
+++ b/sbin/photurisd/kernel.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kernel.c,v 1.21 2001/01/28 22:45:11 niklas Exp $ */
+/* $OpenBSD: kernel.c,v 1.22 2001/06/05 00:17:48 niklas Exp $ */
/*
* Copyright 1997-2000 Niels Provos <provos@citi.umich.edu>
@@ -41,7 +41,7 @@
*/
#ifndef lint
-static char rcsid[] = "$OpenBSD: kernel.c,v 1.21 2001/01/28 22:45:11 niklas Exp $";
+static char rcsid[] = "$OpenBSD: kernel.c,v 1.22 2001/06/05 00:17:48 niklas Exp $";
#endif
#include <time.h>
@@ -1199,7 +1199,7 @@ struct sadb_msg *
pfkey_askpolicy(int seq)
{
struct sadb_msg smsg;
- struct sadb_policy policy;
+ struct sadb_x_policy policy;
struct iovec iov[2];
int cnt = 0;
@@ -1215,9 +1215,9 @@ pfkey_askpolicy(int seq)
iov[cnt++].iov_len = sizeof(smsg);
memset(&policy, 0, sizeof(policy));
- policy.sadb_policy_exttype = SADB_X_EXT_POLICY;
- policy.sadb_policy_len = sizeof(policy) / 8;
- policy.sadb_policy_seq = seq;
+ policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
+ policy.sadb_x_policy_len = sizeof(policy) / 8;
+ policy.sadb_x_policy_seq = seq;
iov[cnt].iov_base = &policy;
iov[cnt++].iov_len = sizeof(policy);
smsg.sadb_msg_len += sizeof(policy) / 8;
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index 7cae9ea92a9..92453ef5a67 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.62 2001/05/30 16:44:11 angelos Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.63 2001/06/05 00:17:48 niklas Exp $ */
/*
%%% copyright-nrl-97
This software is Copyright 1997-1998 by Randall Atkinson, Ronald Lee,
@@ -71,12 +71,12 @@ void export_sa(void **, struct tdb *);
void export_key(void **, struct tdb *, int);
void export_auth(void **, struct tdb *, int);
-void import_auth(struct tdb *, struct sadb_cred *, int);
+void import_auth(struct tdb *, struct sadb_x_cred *, int);
void import_address(struct sockaddr *, struct sadb_address *);
void import_identity(struct tdb *, struct sadb_ident *, int);
void import_key(struct ipsecinit *, struct sadb_key *, int);
void import_lifetime(struct tdb *, struct sadb_lifetime *, int);
-void import_credentials(struct tdb *, struct sadb_cred *, int);
+void import_credentials(struct tdb *, struct sadb_x_cred *, int);
void import_sa(struct tdb *, struct sadb_sa *, struct ipsecinit *);
int pfkeyv2_create(struct socket *);
@@ -489,7 +489,7 @@ export_address(void **p, struct sockaddr *sa)
* Import authentication information into the TDB.
*/
void
-import_auth(struct tdb *tdb, struct sadb_cred *sadb_auth, int dstauth)
+import_auth(struct tdb *tdb, struct sadb_x_cred *sadb_auth, int dstauth)
{
struct ipsec_ref **ipr;
@@ -502,15 +502,15 @@ import_auth(struct tdb *tdb, struct sadb_cred *sadb_auth, int dstauth)
ipr = &tdb->tdb_local_auth;
MALLOC(*ipr, struct ipsec_ref *, EXTLEN(sadb_auth) -
- sizeof(struct sadb_cred) + sizeof(struct ipsec_ref),
+ sizeof(struct sadb_x_cred) + sizeof(struct ipsec_ref),
M_CREDENTIALS, M_WAITOK);
- (*ipr)->ref_len = EXTLEN(sadb_auth) - sizeof(struct sadb_cred);
- switch (sadb_auth->sadb_cred_type)
+ (*ipr)->ref_len = EXTLEN(sadb_auth) - sizeof(struct sadb_x_cred);
+ switch (sadb_auth->sadb_x_cred_type)
{
- case SADB_AUTHTYPE_PASSPHRASE:
+ case SADB_X_AUTHTYPE_PASSPHRASE:
(*ipr)->ref_type = IPSP_AUTH_PASSPHRASE;
break;
- case SADB_AUTHTYPE_RSA:
+ case SADB_X_AUTHTYPE_RSA:
(*ipr)->ref_type = IPSP_AUTH_RSA;
break;
default:
@@ -520,7 +520,7 @@ import_auth(struct tdb *tdb, struct sadb_cred *sadb_auth, int dstauth)
}
(*ipr)->ref_count = 1;
(*ipr)->ref_malloctype = M_CREDENTIALS;
- bcopy((void *) sadb_auth + sizeof(struct sadb_cred),
+ bcopy((void *) sadb_auth + sizeof(struct sadb_x_cred),
(*ipr) + 1, (*ipr)->ref_len);
}
@@ -528,7 +528,7 @@ import_auth(struct tdb *tdb, struct sadb_cred *sadb_auth, int dstauth)
* Import a set of credentials into the TDB.
*/
void
-import_credentials(struct tdb *tdb, struct sadb_cred *sadb_cred, int dstcred)
+import_credentials(struct tdb *tdb, struct sadb_x_cred *sadb_cred, int dstcred)
{
struct ipsec_ref **ipr;
@@ -541,15 +541,15 @@ import_credentials(struct tdb *tdb, struct sadb_cred *sadb_cred, int dstcred)
ipr = &tdb->tdb_local_cred;
MALLOC(*ipr, struct ipsec_ref *, EXTLEN(sadb_cred) -
- sizeof(struct sadb_cred) + sizeof(struct ipsec_ref),
+ sizeof(struct sadb_x_cred) + sizeof(struct ipsec_ref),
M_CREDENTIALS, M_WAITOK);
- (*ipr)->ref_len = EXTLEN(sadb_cred) - sizeof(struct sadb_cred);
- switch (sadb_cred->sadb_cred_type)
+ (*ipr)->ref_len = EXTLEN(sadb_cred) - sizeof(struct sadb_x_cred);
+ switch (sadb_cred->sadb_x_cred_type)
{
- case SADB_CREDTYPE_X509:
+ case SADB_X_CREDTYPE_X509:
(*ipr)->ref_type = IPSP_CRED_X509;
break;
- case SADB_CREDTYPE_KEYNOTE:
+ case SADB_X_CREDTYPE_KEYNOTE:
(*ipr)->ref_type = IPSP_CRED_KEYNOTE;
break;
default:
@@ -559,7 +559,7 @@ import_credentials(struct tdb *tdb, struct sadb_cred *sadb_cred, int dstcred)
}
(*ipr)->ref_count = 1;
(*ipr)->ref_malloctype = M_CREDENTIALS;
- bcopy((void *) sadb_cred + sizeof(struct sadb_cred),
+ bcopy((void *) sadb_cred + sizeof(struct sadb_x_cred),
(*ipr) + 1, (*ipr)->ref_len);
}
@@ -594,7 +594,7 @@ import_identity(struct tdb *tdb, struct sadb_ident *sadb_ident, int type)
case SADB_IDENTTYPE_USERFQDN:
(*ipr)->ref_type = IPSP_IDENTITY_USERFQDN;
break;
- case SADB_IDENTTYPE_CONNECTION:
+ case SADB_X_IDENTTYPE_CONNECTION:
(*ipr)->ref_type = IPSP_IDENTITY_CONNECTION;
break;
default:
@@ -612,26 +612,26 @@ void
export_credentials(void **p, struct tdb *tdb, int dstcred)
{
struct ipsec_ref **ipr;
- struct sadb_cred *sadb_cred = (struct sadb_cred *) *p;
+ struct sadb_x_cred *sadb_cred = (struct sadb_x_cred *) *p;
if (dstcred == PFKEYV2_CRED_REMOTE)
ipr = &tdb->tdb_remote_cred;
else
ipr = &tdb->tdb_local_cred;
- sadb_cred->sadb_cred_len = (sizeof(struct sadb_cred) +
- PADUP((*ipr)->ref_len)) / sizeof(uint64_t);
+ sadb_cred->sadb_x_cred_len = (sizeof(struct sadb_x_cred) +
+ PADUP((*ipr)->ref_len)) / sizeof(uint64_t);
switch ((*ipr)->ref_type)
{
case IPSP_CRED_KEYNOTE:
- sadb_cred->sadb_cred_type = SADB_CREDTYPE_KEYNOTE;
+ sadb_cred->sadb_x_cred_type = SADB_X_CREDTYPE_KEYNOTE;
break;
case IPSP_CRED_X509:
- sadb_cred->sadb_cred_type = SADB_CREDTYPE_X509;
+ sadb_cred->sadb_x_cred_type = SADB_X_CREDTYPE_X509;
break;
}
- *p += sizeof(struct sadb_cred);
+ *p += sizeof(struct sadb_x_cred);
bcopy((*ipr) + 1, *p, (*ipr)->ref_len);
*p += PADUP((*ipr)->ref_len);
}
@@ -640,26 +640,26 @@ void
export_auth(void **p, struct tdb *tdb, int dstauth)
{
struct ipsec_ref **ipr;
- struct sadb_cred *sadb_auth = (struct sadb_cred *) *p;
+ struct sadb_x_cred *sadb_auth = (struct sadb_x_cred *) *p;
if (dstauth == PFKEYV2_AUTH_REMOTE)
ipr = &tdb->tdb_remote_auth;
else
ipr = &tdb->tdb_local_auth;
- sadb_auth->sadb_cred_len = (sizeof(struct sadb_cred) +
- PADUP((*ipr)->ref_len)) / sizeof(uint64_t);
+ sadb_auth->sadb_x_cred_len = (sizeof(struct sadb_x_cred) +
+ PADUP((*ipr)->ref_len)) / sizeof(uint64_t);
switch ((*ipr)->ref_type)
{
case IPSP_CRED_KEYNOTE:
- sadb_auth->sadb_cred_type = SADB_CREDTYPE_KEYNOTE;
+ sadb_auth->sadb_x_cred_type = SADB_X_CREDTYPE_KEYNOTE;
break;
case IPSP_CRED_X509:
- sadb_auth->sadb_cred_type = SADB_CREDTYPE_X509;
+ sadb_auth->sadb_x_cred_type = SADB_X_CREDTYPE_X509;
break;
}
- *p += sizeof(struct sadb_cred);
+ *p += sizeof(struct sadb_x_cred);
bcopy((*ipr) + 1, *p, (*ipr)->ref_len);
*p += PADUP((*ipr)->ref_len);
}
@@ -689,7 +689,7 @@ export_identity(void **p, struct tdb *tdb, int type)
sadb_ident->sadb_ident_type = SADB_IDENTTYPE_USERFQDN;
break;
case IPSP_IDENTITY_CONNECTION:
- sadb_ident->sadb_ident_type = SADB_IDENTTYPE_CONNECTION;
+ sadb_ident->sadb_ident_type = SADB_X_IDENTTYPE_CONNECTION;
break;
}
*p += sizeof(struct sadb_ident);
@@ -1448,7 +1448,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
/* Find TDB */
sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_GETSPROTO(smsg->sadb_msg_satype));
+ SADB_X_GETSPROTO(smsg->sadb_msg_satype));
/* If there's no such SA, we're done */
if (sa2 == NULL)
@@ -1565,7 +1565,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
s = spltdb();
sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_GETSPROTO(smsg->sadb_msg_satype));
+ SADB_X_GETSPROTO(smsg->sadb_msg_satype));
/* We can't add an existing SA! */
if (sa2 != NULL)
@@ -1660,7 +1660,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
s = spltdb();
sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_GETSPROTO(smsg->sadb_msg_satype));
+ SADB_X_GETSPROTO(smsg->sadb_msg_satype));
if (sa2 == NULL)
{
rval = ESRCH;
@@ -1676,7 +1676,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
case SADB_X_ASKPOLICY:
/* Get the relevant policy */
- ipa = ipsec_get_acquire(((struct sadb_policy *) headers[SADB_X_EXT_POLICY])->sadb_policy_seq);
+ ipa = ipsec_get_acquire(((struct sadb_x_policy *) headers[SADB_X_EXT_POLICY])->sadb_x_policy_seq);
if (ipa == NULL)
{
rval = ESRCH;
@@ -1696,7 +1696,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
s = spltdb();
sa2 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_GETSPROTO(smsg->sadb_msg_satype));
+ SADB_X_GETSPROTO(smsg->sadb_msg_satype));
if (sa2 == NULL)
{
rval = ESRCH;
@@ -1826,7 +1826,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
s = spltdb();
tdb1 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_GETSPROTO(smsg->sadb_msg_satype));
+ SADB_X_GETSPROTO(smsg->sadb_msg_satype));
if (tdb1 == NULL)
{
rval = ESRCH;
@@ -1839,7 +1839,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
sa_proto = ((struct sadb_protocol *) headers[SADB_X_EXT_PROTOCOL]);
tdb2 = gettdb(ssa->sadb_sa_spi, sunionp,
- SADB_GETSPROTO(sa_proto->sadb_protocol_proto));
+ SADB_X_GETSPROTO(sa_proto->sadb_protocol_proto));
if (tdb2 == NULL)
{
rval = ESRCH;
@@ -2056,27 +2056,27 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
switch (((struct sadb_protocol *) headers[SADB_X_EXT_FLOW_TYPE])->sadb_protocol_proto)
{
- case FLOW_X_TYPE_USE:
+ case SADB_X_FLOW_TYPE_USE:
ipo->ipo_type = IPSP_IPSEC_USE;
break;
- case FLOW_X_TYPE_ACQUIRE:
+ case SADB_X_FLOW_TYPE_ACQUIRE:
ipo->ipo_type = IPSP_IPSEC_ACQUIRE;
break;
- case FLOW_X_TYPE_REQUIRE:
+ case SADB_X_FLOW_TYPE_REQUIRE:
ipo->ipo_type = IPSP_IPSEC_REQUIRE;
break;
- case FLOW_X_TYPE_DENY:
+ case SADB_X_FLOW_TYPE_DENY:
ipo->ipo_type = IPSP_DENY;
break;
- case FLOW_X_TYPE_BYPASS:
+ case SADB_X_FLOW_TYPE_BYPASS:
ipo->ipo_type = IPSP_PERMIT;
break;
- case FLOW_X_TYPE_DONTACQ:
+ case SADB_X_FLOW_TYPE_DONTACQ:
ipo->ipo_type = IPSP_IPSEC_DONTACQ;
break;
@@ -2112,7 +2112,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
ipo->ipo_src.sa.sa_len = src->sa.sa_len;
}
- ipo->ipo_sproto = SADB_GETSPROTO(smsg->sadb_msg_satype);
+ ipo->ipo_sproto = SADB_X_GETSPROTO(smsg->sadb_msg_satype);
if (ipo->ipo_srcid)
{
ipsp_reffree(ipo->ipo_srcid);
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index 7677e8d4a29..371714dc037 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -12,7 +12,11 @@ didn't get a copy, you may request one from <license@ipv6.nrl.navy.mil>.
#ifndef _NET_PFKEY_V2_H
#define _NET_PFKEY_V2_H 1
-#define PF_KEY_V2 2
+#define PF_KEY_V2 2
+#define PFKEYV2_REVISION 199806L
+
+/* This should be updated whenever the API is altered. */
+#define _OPENBSD_IPSEC_API_VERSION 2
#define SADB_RESERVED 0
#define SADB_GETSPI 1
@@ -157,22 +161,24 @@ struct sadb_protocol {
uint16_t sadb_protocol_reserved2;
};
-struct sadb_policy {
- uint16_t sadb_policy_len;
- uint16_t sadb_policy_exttype;
- u_int32_t sadb_policy_seq;
+struct sadb_x_policy {
+ uint16_t sadb_x_policy_len;
+ uint16_t sadb_x_policy_exttype;
+ u_int32_t sadb_x_policy_seq;
};
-struct sadb_cred {
- uint16_t sadb_cred_len;
- uint16_t sadb_cred_exttype;
- uint16_t sadb_cred_type;
- uint16_t sadb_cred_reserved;
+struct sadb_x_cred {
+ uint16_t sadb_x_cred_len;
+ uint16_t sadb_x_cred_exttype;
+ uint16_t sadb_x_cred_type;
+ uint16_t sadb_x_cred_reserved;
};
-#define SADB_GETSPROTO(x) ( (x) == SADB_SATYPE_AH ? IPPROTO_AH :\
+#ifdef _KERNEL
+#define SADB_X_GETSPROTO(x) ( (x) == SADB_SATYPE_AH ? IPPROTO_AH :\
(x) == SADB_SATYPE_ESP ? IPPROTO_ESP :\
IPPROTO_IPIP )
+#endif
#define SADB_EXT_RESERVED 0
#define SADB_EXT_SA 1
@@ -259,15 +265,16 @@ struct sadb_cred {
#define SADB_X_SAFLAGS_RANDOMPADDING 0x080 /* Random ESP padding */
#define SADB_X_SAFLAGS_NOREPLAY 0x100 /* No replay counter */
-#define SADB_IDENTTYPE_RESERVED 0
-#define SADB_IDENTTYPE_PREFIX 1
-#define SADB_IDENTTYPE_FQDN 2
-#define SADB_IDENTTYPE_USERFQDN 3
-#define SADB_IDENTTYPE_CONNECTION 4
-#define SADB_IDENTTYPE_MAX 4
+#define SADB_IDENTTYPE_RESERVED 0
+#define SADB_IDENTTYPE_PREFIX 1
+#define SADB_IDENTTYPE_FQDN 2
+#define SADB_IDENTTYPE_USERFQDN 3
+#define SADB_X_IDENTTYPE_CONNECTION 4
+#define SADB_IDENTTYPE_MAX 4
#define SADB_KEY_FLAGS_MAX 0
+#ifdef _KERNEL
#define PFKEYV2_LIFETIME_HARD 0
#define PFKEYV2_LIFETIME_SOFT 1
#define PFKEYV2_LIFETIME_CURRENT 2
@@ -284,31 +291,32 @@ struct sadb_cred {
#define PFKEYV2_SENDMESSAGE_UNICAST 1
#define PFKEYV2_SENDMESSAGE_REGISTERED 2
#define PFKEYV2_SENDMESSAGE_BROADCAST 3
+#endif /* _KERNEL */
-#define SADB_CREDTYPE_NONE 0
-#define SADB_CREDTYPE_X509 1 /* ASN1 encoding of the certificate */
-#define SADB_CREDTYPE_KEYNOTE 2 /* NUL-terminated buffer */
-#define SADB_CREDTYPE_MAX 3
+#define SADB_X_CREDTYPE_NONE 0
+#define SADB_X_CREDTYPE_X509 1 /* ASN1 encoding of the certificate */
+#define SADB_X_CREDTYPE_KEYNOTE 2 /* NUL-terminated buffer */
+#define SADB_X_CREDTYPE_MAX 3
+#ifdef _KERNEL
#define PFKEYV2_AUTH_LOCAL 0
#define PFKEYV2_AUTH_REMOTE 1
#define PFKEYV2_CRED_LOCAL 0
#define PFKEYV2_CRED_REMOTE 1
+#endif /* _KERNEL */
-#define SADB_AUTHTYPE_NONE 0
-#define SADB_AUTHTYPE_PASSPHRASE 1
-#define SADB_AUTHTYPE_RSA 2
-#define SADB_AUTHTYPE_MAX 2
-
-#define FLOW_X_TYPE_USE 1
-#define FLOW_X_TYPE_ACQUIRE 2
-#define FLOW_X_TYPE_REQUIRE 3
-#define FLOW_X_TYPE_BYPASS 4
-#define FLOW_X_TYPE_DENY 5
-#define FLOW_X_TYPE_DONTACQ 6
-
-#define OPENBSD_IPSEC_API_VERSION 1
+#define SADB_X_AUTHTYPE_NONE 0
+#define SADB_X_AUTHTYPE_PASSPHRASE 1
+#define SADB_X_AUTHTYPE_RSA 2
+#define SADB_X_AUTHTYPE_MAX 2
+
+#define SADB_X_FLOW_TYPE_USE 1
+#define SADB_X_FLOW_TYPE_ACQUIRE 2
+#define SADB_X_FLOW_TYPE_REQUIRE 3
+#define SADB_X_FLOW_TYPE_BYPASS 4
+#define SADB_X_FLOW_TYPE_DENY 5
+#define SADB_X_FLOW_TYPE_DONTACQ 6
#ifdef _KERNEL
struct tdb;
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index 6cb22bff990..825d7840374 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -314,7 +314,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
return EINVAL;
break;
case SADB_X_EXT_POLICY:
- if (i != sizeof(struct sadb_policy))
+ if (i != sizeof(struct sadb_x_policy))
return EINVAL;
break;
case SADB_EXT_LIFETIME_CURRENT:
@@ -423,30 +423,30 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
case SADB_X_EXT_LOCAL_AUTH:
case SADB_X_EXT_REMOTE_AUTH:
{
- struct sadb_cred *sadb_cred = (struct sadb_cred *)p;
+ struct sadb_x_cred *sadb_cred = (struct sadb_x_cred *)p;
- if (i < sizeof(struct sadb_cred))
+ if (i < sizeof(struct sadb_x_cred))
return EINVAL;
- if (sadb_cred->sadb_cred_type > SADB_AUTHTYPE_MAX)
+ if (sadb_cred->sadb_x_cred_type > SADB_X_AUTHTYPE_MAX)
return EINVAL;
- if (sadb_cred->sadb_cred_reserved)
+ if (sadb_cred->sadb_x_cred_reserved)
return EINVAL;
}
break;
case SADB_X_EXT_LOCAL_CREDENTIALS:
case SADB_X_EXT_REMOTE_CREDENTIALS:
{
- struct sadb_cred *sadb_cred = (struct sadb_cred *)p;
+ struct sadb_x_cred *sadb_cred = (struct sadb_x_cred *)p;
- if (i < sizeof(struct sadb_cred))
+ if (i < sizeof(struct sadb_x_cred))
return EINVAL;
- if (sadb_cred->sadb_cred_type > SADB_CREDTYPE_MAX)
+ if (sadb_cred->sadb_x_cred_type > SADB_X_CREDTYPE_MAX)
return EINVAL;
- if (sadb_cred->sadb_cred_reserved)
+ if (sadb_cred->sadb_x_cred_reserved)
return EINVAL;
}
break;
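Review bot: The credential branch rejects only `sadb_x_cred_type > SADB_X_CREDTYPE_MAX`, and pfkeyv2.h in this commit defines that maximum as 3 while the highest defined type is SADB_X_CREDTYPE_KEYNOTE (2); SADB_X_AUTHTYPE_MAX, by contrast, equals its highest type. A message carrying credential type 3 therefore passes validation and is left to the `default:` arm of import_credentials, whose body is not shown on this page. Either define `SADB_X_CREDTYPE_MAX` as 2 or compare with `>=`, so the parser rejects undefined types at the boundary.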