-rw-r--r-- | sbin/iked/config.c | 10 | ||||
-rw-r--r-- | sbin/iked/iked.h | 20 | ||||
-rw-r--r-- | sbin/iked/ikev2.c | 32 | ||||
-rw-r--r-- | sbin/iked/pfkey.c | 128 | ||||
-rw-r--r-- | sbin/iked/policy.c | 4 |
5 files changed, 97 insertions, 97 deletions
diff --git a/sbin/iked/config.c b/sbin/iked/config.c
index 50b73b67c1a..e745da5b22b 100644
--- a/sbin/iked/config.c
+++ b/sbin/iked/config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: config.c,v 1.82 2021/10/12 09:27:21 tobhe Exp $ */
+/* $OpenBSD: config.c,v 1.83 2021/11/24 20:48:00 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -320,12 +320,12 @@ config_free_childsas(struct iked *env, struct iked_childsas *head,
 TAILQ_REMOVE(head, csa, csa_entry);
 if (csa->csa_loaded) {
 RB_REMOVE(iked_activesas, &env->sc_activesas, csa);
- (void)pfkey_sa_delete(env->sc_pfkey, csa);
+ (void)pfkey_sa_delete(env, csa);
 }
 if ((ipcomp = csa->csa_bundled) != NULL) {
 log_debug("%s: free IPCOMP %p", __func__, ipcomp);
 if (ipcomp->csa_loaded)
- (void)pfkey_sa_delete(env->sc_pfkey, ipcomp);
+ (void)pfkey_sa_delete(env, ipcomp);
 childsa_free(ipcomp);
 }
 childsa_free(csa);
@@ -482,7 +482,7 @@ config_setcoupled(struct iked *env, unsigned int couple)
 int
 config_getcoupled(struct iked *env, unsigned int type)
 {
- return (pfkey_couple(env->sc_pfkey, &env->sc_sas,
+ return (pfkey_couple(env, &env->sc_sas,
 type == IMSG_CTL_COUPLE ? 1 : 0));
 }
@@ -639,7 +639,7 @@ config_setpfkey(struct iked *env)
 {
 int s;
- if ((s = pfkey_socket()) == -1)
+ if ((s = pfkey_socket(env)) == -1)
 return (-1);
 proc_compose_imsg(&env->sc_ps, PROC_IKEV2, -1, IMSG_PFKEY_SOCKET, -1, s, NULL, 0);
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index 6843d4b2938..839c337ad71 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.h,v 1.195 2021/10/26 17:31:22 tobhe Exp $ */
+/* $OpenBSD: iked.h,v 1.196 2021/11/24 20:48:00 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -1096,16 +1096,16 @@ int eap_mschap_success(struct iked *, struct iked_sa *, int);
 int eap_challenge_request(struct iked *, struct iked_sa *, int);
 /* pfkey.c */
-int pfkey_couple(int, struct iked_sas *, int);
-int pfkey_flow_add(int fd, struct iked_flow *);
-int pfkey_flow_delete(int fd, struct iked_flow *);
-int pfkey_sa_init(int, struct iked_childsa *, uint32_t *);
-int pfkey_sa_add(int, struct iked_childsa *, struct iked_childsa *);
-int pfkey_sa_update_addresses(int, struct iked_childsa *);
-int pfkey_sa_delete(int, struct iked_childsa *);
-int pfkey_sa_last_used(int, struct iked_childsa *, uint64_t *);
+int pfkey_couple(struct iked *, struct iked_sas *, int);
+int pfkey_flow_add(struct iked *, struct iked_flow *);
+int pfkey_flow_delete(struct iked *, struct iked_flow *);
+int pfkey_sa_init(struct iked *, struct iked_childsa *, uint32_t *);
+int pfkey_sa_add(struct iked *, struct iked_childsa *, struct iked_childsa *);
+int pfkey_sa_update_addresses(struct iked *, struct iked_childsa *);
+int pfkey_sa_delete(struct iked *, struct iked_childsa *);
+int pfkey_sa_last_used(struct iked *, struct iked_childsa *, uint64_t *);
 int pfkey_flush(int);
-int pfkey_socket(void);
+int pfkey_socket(struct iked *);
 void pfkey_init(struct iked *, int fd);
 /* ca.c */
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 718b133a347..edc5c3fd067 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.334 2021/11/23 13:52:51 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.335 2021/11/24 20:48:00 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@@ -1991,7 +1991,7 @@ ikev2_add_ipcompnotify(struct iked *env, struct ibuf *e,
 csa.csa_ikesa = sa;
 csa.csa_local = &sa->sa_peer;
 csa.csa_peer = &sa->sa_local;
- if (pfkey_sa_init(env->sc_pfkey, &csa, &spi) == -1)
+ if (pfkey_sa_init(env, &csa, &spi) == -1)
 return (-1);
 ic->ic_cpi_in = spi;
 } else {
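Review bot: `void pfkey_init(struct iked *, int fd);` still carries a parameter name while every other prototype in this hunk is unnamed, including `pfkey_flow_add`/`pfkey_flow_delete` whose `int fd` the commit just removed; for consistency make it `void pfkey_init(struct iked *, int);`. After this change `pfkey_flush(int)` is the one pfkey entry point left taking a raw descriptor, presumably because it runs before `env->sc_pfkey` exists (config_setpfkey hands the socket from pfkey_socket to PROC_IKEV2 via IMSG_PFKEY_SOCKET, so the flush cannot go through env) — if that is deliberate, a comment above it such as `/* takes the fd directly: called before env->sc_pfkey is set */` would stop the next refactor from "fixing" it.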
@@ -2490,7 +2490,7 @@ ikev2_add_proposals(struct iked *env, struct iked_sa *sa, struct ibuf *buf,
 csa.csa_local = &sa->sa_peer;
 csa.csa_peer = &sa->sa_local;
- if (pfkey_sa_init(env->sc_pfkey, &csa, &spi) == -1)
+ if (pfkey_sa_init(env, &csa, &spi) == -1)
 return (-1);
 }
@@ -4978,7 +4978,7 @@ ikev2_ike_sa_alive(struct iked *env, void *arg)
 TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) {
 if (!csa->csa_loaded)
 continue;
- if (pfkey_sa_last_used(env->sc_pfkey, csa, &last_used) != 0)
+ if (pfkey_sa_last_used(env, csa, &last_used) != 0)
 continue;
 diff = (uint32_t)(gettime() - last_used);
 log_debug("%s: %s CHILD SA spi %s last used %llu second(s) ago",
@@ -6086,7 +6086,7 @@ ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa,
 csa->csa_local = &sa->sa_peer;
 csa->csa_peer = &sa->sa_local;
- if ((ret = pfkey_sa_init(env->sc_pfkey, csa,
+ if ((ret = pfkey_sa_init(env, csa,
 &spi)) != 0)
 goto done;
 csa->csa_allocated = 1;
@@ -6166,7 +6166,7 @@ ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa,
 ic->ic_transform = 0;
 ic->ic_cpi_in = ic->ic_cpi_out = 0;
 } else {
- if ((ret = pfkey_sa_init(env->sc_pfkey, csa2,
+ if ((ret = pfkey_sa_init(env, csa2,
 &spi)) != 0)
 goto done;
 ic->ic_cpi_in = spi;
@@ -6246,14 +6246,14 @@ ikev2_childsa_enable(struct iked *env, struct iked_sa *sa)
 continue;
 }
- if (pfkey_sa_add(env->sc_pfkey, csa, NULL) != 0) {
+ if (pfkey_sa_add(env, csa, NULL) != 0) {
 log_debug("%s: failed to load CHILD SA spi %s", __func__, print_spi(csa->csa_spi.spi, csa->csa_spi.spi_size));
 return (-1);
 }
 if (ipcomp) {
- if (pfkey_sa_add(env->sc_pfkey, ipcomp, csa) != 0) {
+ if (pfkey_sa_add(env, ipcomp, csa) != 0) {
 log_debug("%s: failed to load IPCOMP spi %s", __func__, print_spi(ipcomp->csa_spi.spi, ipcomp->csa_spi.spi_size));
@@ -6319,12 +6319,12 @@ ikev2_childsa_enable(struct iked *env, struct iked_sa *sa)
 continue;
 }
 RB_REMOVE(iked_flows, &env->sc_activeflows, flow);
- (void)pfkey_flow_delete(env->sc_pfkey, flow);
+ (void)pfkey_flow_delete(env, flow);
 flow->flow_loaded = 0; /* we did RB_REMOVE */
 reload = 1;
 }
- if (pfkey_flow_add(env->sc_pfkey, flow) != 0) {
+ if (pfkey_flow_add(env, flow) != 0) {
 log_debug("%s: failed to load flow", __func__);
 return (-1);
 }
@@ -6405,7 +6405,7 @@ ikev2_childsa_delete(struct iked *env, struct iked_sa *sa, uint8_t saproto,
 if (csa->csa_loaded)
 RB_REMOVE(iked_activesas, &env->sc_activesas, csa);
- if (pfkey_sa_delete(env->sc_pfkey, csa) != 0)
+ if (pfkey_sa_delete(env, csa) != 0)
 log_info("%s: failed to delete CHILD SA spi %s",
 SPI_SA(sa, __func__), print_spi(csa->csa_spi.spi, csa->csa_spi.spi_size));
@@ -6421,7 +6421,7 @@ ikev2_childsa_delete(struct iked *env, struct iked_sa *sa, uint8_t saproto,
 ipcomp = csa->csa_bundled;
 if (ipcomp) {
 if (ipcomp->csa_loaded) {
- if (pfkey_sa_delete(env->sc_pfkey, ipcomp) != 0)
+ if (pfkey_sa_delete(env, ipcomp) != 0)
 log_info("%s: failed to delete IPCOMP"
 " SA spi %s", SPI_SA(sa, __func__),
 print_spi(ipcomp->csa_spi.spi,
@@ -7156,11 +7156,11 @@ ikev2_update_sa_addresses(struct iked *env, struct iked_sa *sa)
 TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) {
 if (!csa->csa_loaded)
 continue;
- if (pfkey_sa_update_addresses(env->sc_pfkey, csa) != 0)
+ if (pfkey_sa_update_addresses(env, csa) != 0)
 log_debug("%s: failed to update sa", __func__);
 if ((ipcomp = csa->csa_bundled) != NULL && ipcomp->csa_loaded)
- if (pfkey_sa_update_addresses(env->sc_pfkey, ipcomp)
+ if (pfkey_sa_update_addresses(env, ipcomp)
 != 0)
 log_debug("%s: failed to update sa", __func__);
 }
@@ -7169,10 +7169,10 @@ ikev2_update_sa_addresses(struct iked *env, struct iked_sa *sa)
 TAILQ_FOREACH(flow, &sa->sa_flows, flow_entry) {
 if (flow->flow_loaded) {
 RB_REMOVE(iked_flows, &env->sc_activeflows, flow);
- (void)pfkey_flow_delete(env->sc_pfkey, flow);
+ (void)pfkey_flow_delete(env, flow);
 flow->flow_loaded = 0;
 }
- if (pfkey_flow_add(env->sc_pfkey, flow) != 0)
+ if (pfkey_flow_add(env, flow) != 0)
 log_debug("%s: failed to add flow %p", __func__, flow);
 if (!flow->flow_loaded)
 continue;
diff --git a/sbin/iked/pfkey.c b/sbin/iked/pfkey.c
index 4ec1efc7847..00d6c0fe830 100644
--- a/sbin/iked/pfkey.c
+++ b/sbin/iked/pfkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkey.c,v 1.77 2021/03/02 03:31:25 jsg Exp $ */
+/* $OpenBSD: pfkey.c,v 1.78 2021/11/24 20:48:00 tobhe Exp $ */
 /*
 * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -101,17 +101,17 @@ static const struct pfkey_constmap pfkey_satype[] = {
 };
 int pfkey_map(const struct pfkey_constmap *, uint16_t, uint8_t *);
-int pfkey_flow(int, uint8_t, uint8_t, struct iked_flow *);
-int pfkey_sa(int, uint8_t, uint8_t, struct iked_childsa *);
-int pfkey_sa_getspi(int, uint8_t, struct iked_childsa *, uint32_t *);
-int pfkey_sagroup(int, uint8_t, uint8_t,
+int pfkey_flow(struct iked *, uint8_t, uint8_t, struct iked_flow *);
+int pfkey_sa(struct iked *, uint8_t, uint8_t, struct iked_childsa *);
+int pfkey_sa_getspi(struct iked *, uint8_t, struct iked_childsa *, uint32_t *);
+int pfkey_sagroup(struct iked *, uint8_t, uint8_t,
 struct iked_childsa *, struct iked_childsa *);
 int pfkey_write(int, struct sadb_msg *, struct iovec *, int, uint8_t **, ssize_t *);
 int pfkey_reply(int, uint8_t **, ssize_t *);
 void pfkey_dispatch(int, short, void *);
-int pfkey_sa_lookup(int, struct iked_childsa *, uint64_t *);
-int pfkey_sa_check_exists(int, struct iked_childsa *);
+int pfkey_sa_lookup(struct iked *, struct iked_childsa *, uint64_t *);
+int pfkey_sa_check_exists(struct iked *, struct iked_childsa *);
 struct sadb_ident *
 pfkey_id2ident(struct iked_id *, unsigned int);
@@ -121,7 +121,7 @@ void pfkey_timer_cb(int, short, void *);
 int pfkey_process(struct iked *, struct pfkey_message *);
 int
-pfkey_couple(int sd, struct iked_sas *sas, int couple)
+pfkey_couple(struct iked *env, struct iked_sas *sas, int couple)
 {
 struct iked_sa *sa;
 struct iked_flow *flow;
@@ -129,7 +129,7 @@ pfkey_couple(int sd, struct iked_sas *sas, int couple)
 const char *mode[] = { "coupled", "decoupled" };
 /* Socket is not ready */
- if (sd == -1)
+ if (env->sc_pfkey == -1)
 return (-1);
 if (sadb_decoupled == !couple)
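Review bot: The `if (env->sc_pfkey == -1)` "socket is not ready" guard in pfkey_couple is now the only such check among the pfkey entry points: pfkey_flow, pfkey_sa, pfkey_sa_lookup and pfkey_sagroup in this diff hand `env->sc_pfkey` straight to pfkey_write, so a call before the socket is installed ends in `writev(-1, …)` failing with EBADF and a log_warn. That is the same as before the change (callers used to pass `env->sc_pfkey` themselves), so it is not a regression, but now that every entry point receives `env` the check can be made uniform by adding `if (env->sc_pfkey == -1) return (-1);` at the top of pfkey_flow and pfkey_sa, or by documenting here why only pfkey_couple needs it. pfkey_couple's body continues outside the hunk.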
@@ -144,21 +144,21 @@ pfkey_couple(int sd, struct iked_sas *sas, int couple)
 RB_FOREACH(sa, iked_sas, sas) {
 TAILQ_FOREACH(csa, &sa->sa_childsas, csa_entry) {
 if (!csa->csa_loaded && couple)
- (void)pfkey_sa_add(sd, csa, NULL);
+ (void)pfkey_sa_add(env, csa, NULL);
 else if (csa->csa_loaded && !couple)
- (void)pfkey_sa_delete(sd, csa);
+ (void)pfkey_sa_delete(env, csa);
 if ((ipcomp = csa->csa_bundled) != NULL) {
 if (!ipcomp->csa_loaded && couple)
- (void)pfkey_sa_add(sd, ipcomp, csa);
+ (void)pfkey_sa_add(env, ipcomp, csa);
 else if (ipcomp->csa_loaded && !couple)
- (void)pfkey_sa_delete(sd, ipcomp);
+ (void)pfkey_sa_delete(env, ipcomp);
 }
 }
 TAILQ_FOREACH(flow, &sa->sa_flows, flow_entry) {
 if (!flow->flow_loaded && couple)
- (void)pfkey_flow_add(sd, flow);
+ (void)pfkey_flow_add(env, flow);
 else if (flow->flow_loaded && !couple)
- (void)pfkey_flow_delete(sd, flow);
+ (void)pfkey_flow_delete(env, flow);
 }
 }
@@ -181,7 +181,7 @@ pfkey_map(const struct pfkey_constmap *map, uint16_t alg, uint8_t *pfkalg)
 }
 int
-pfkey_flow(int sd, uint8_t satype, uint8_t action, struct iked_flow *flow)
+pfkey_flow(struct iked *env, uint8_t satype, uint8_t action, struct iked_flow *flow)
 {
 struct sadb_msg smsg;
 struct iked_addr *flow_src, *flow_dst;
@@ -442,7 +442,7 @@ pfkey_flow(int sd, uint8_t satype, uint8_t action, struct iked_flow *flow)
 }
 #undef PAD
- ret = pfkey_write(sd, &smsg, iov, iov_cnt, NULL, NULL);
+ ret = pfkey_write(env->sc_pfkey, &smsg, iov, iov_cnt, NULL, NULL);
 free(sa_srcid);
 free(sa_dstid);
@@ -451,7 +451,7 @@ pfkey_flow(int sd, uint8_t satype, uint8_t action, struct iked_flow *flow)
 }
 int
-pfkey_sa(int sd, uint8_t satype, uint8_t action, struct iked_childsa *sa)
+pfkey_sa(struct iked *env, uint8_t satype, uint8_t action, struct iked_childsa *sa)
 {
 struct sadb_msg smsg;
 struct sadb_sa sadb;
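Review bot: The new definition line `pfkey_flow(struct iked *env, uint8_t satype, uint8_t action, struct iked_flow *flow)` runs past 80 columns (the hunk counts show it is a single line), which style(9) wraps; the old `int sd` form fit. Continue the parameter list on a second line indented by four spaces: `pfkey_flow(struct iked *env, uint8_t satype, uint8_t action,` / `    struct iked_flow *flow)`. The `pfkey_sa` definition changed in the @@ -451 hunk has the same problem and takes the same fix. pfkey_flow's body continues outside the hunk.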
@@ -832,7 +832,7 @@ pfkey_sa(int sd, uint8_t satype, uint8_t action, struct iked_childsa *sa)
 }
 #undef PAD
- ret = pfkey_write(sd, &smsg, iov, iov_cnt, NULL, NULL);
+ ret = pfkey_write(env->sc_pfkey, &smsg, iov, iov_cnt, NULL, NULL);
 free(sa_srcid);
 free(sa_dstid);
@@ -841,7 +841,7 @@ pfkey_sa(int sd, uint8_t satype, uint8_t action, struct iked_childsa *sa)
 }
 int
-pfkey_sa_lookup(int sd, struct iked_childsa *sa, uint64_t *last_used)
+pfkey_sa_lookup(struct iked *env, struct iked_childsa *sa, uint64_t *last_used)
 {
 struct iked_policy *pol = sa->csa_ikesa->sa_policy;
 struct sadb_msg *msg, smsg;
@@ -958,7 +958,7 @@ pfkey_sa_lookup(int sd, struct iked_childsa *sa, uint64_t *last_used)
 iov_cnt++;
 }
- if ((ret = pfkey_write(sd, &smsg, iov, iov_cnt, &data, &n)) != 0)
+ if ((ret = pfkey_write(env->sc_pfkey, &smsg, iov, iov_cnt, &data, &n)) != 0)
 return (-1);
 msg = (struct sadb_msg *)data;
@@ -989,19 +989,19 @@ done:
 }
 int
-pfkey_sa_last_used(int sd, struct iked_childsa *sa, uint64_t *last_used)
+pfkey_sa_last_used(struct iked *env, struct iked_childsa *sa, uint64_t *last_used)
 {
- return pfkey_sa_lookup(sd, sa, last_used);
+ return pfkey_sa_lookup(env, sa, last_used);
 }
 int
-pfkey_sa_check_exists(int sd, struct iked_childsa *sa)
+pfkey_sa_check_exists(struct iked *env, struct iked_childsa *sa)
 {
- return pfkey_sa_lookup(sd, sa, NULL);
+ return pfkey_sa_lookup(env, sa, NULL);
 }
 int
-pfkey_sa_getspi(int sd, uint8_t satype, struct iked_childsa *sa,
+pfkey_sa_getspi(struct iked *env, uint8_t satype, struct iked_childsa *sa,
 uint32_t *spip)
 {
 struct sadb_msg *msg, smsg;
@@ -1097,7 +1097,7 @@ pfkey_sa_getspi(int sd, uint8_t satype, struct iked_childsa *sa,
 *spip = 0;
- if ((ret = pfkey_write(sd, &smsg, iov, iov_cnt, &data, &n)) != 0)
+ if ((ret = pfkey_write(env->sc_pfkey, &smsg, iov, iov_cnt, &data, &n)) != 0)
 return (-1);
 msg = (struct sadb_msg *)data;
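Review bot: In the @@ -958 hunk the new line `if ((ret = pfkey_write(env->sc_pfkey, &smsg, iov, iov_cnt, &data, &n)) != 0)` exceeds 80 columns once its leading tab is counted, and the hunk counts confirm it was left on one line; wrap the argument list, e.g. `if ((ret = pfkey_write(env->sc_pfkey, &smsg, iov, iov_cnt,` / `    &data, &n)) != 0)`. The identical line in pfkey_sa_getspi (@@ -1097) needs the same treatment. While here, note that `ret` receives pfkey_write's -2 timeout but the branch returns a flat -1, so the timeout distinction pfkey_reply documents is lost to callers of pfkey_sa_lookup; that is pre-existing, but a one-line comment saying a timeout is treated as "not found" would help whoever reads this next.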
@@ -1122,7 +1122,7 @@ done:
 }
 int
-pfkey_sagroup(int sd, uint8_t satype1, uint8_t action,
+pfkey_sagroup(struct iked *env, uint8_t satype1, uint8_t action,
 struct iked_childsa *sa1, struct iked_childsa *sa2)
 {
 struct sadb_msg smsg;
@@ -1278,11 +1278,11 @@ pfkey_sagroup(int sd, uint8_t satype1, uint8_t action,
 #undef PAD
- return (pfkey_write(sd, &smsg, iov, iov_cnt, NULL, NULL));
+ return (pfkey_write(env->sc_pfkey, &smsg, iov, iov_cnt, NULL, NULL));
 }
 int
-pfkey_write(int sd, struct sadb_msg *smsg, struct iovec *iov, int iov_cnt,
+pfkey_write(int fd, struct sadb_msg *smsg, struct iovec *iov, int iov_cnt,
 uint8_t **datap, ssize_t *lenp)
 {
 ssize_t n, len = smsg->sadb_msg_len * 8;
@@ -1302,7 +1302,7 @@ pfkey_write(int sd, struct sadb_msg *smsg, struct iovec *iov, int iov_cnt,
 }
 }
- if ((n = writev(sd, iov, iov_cnt)) == -1) {
+ if ((n = writev(fd, iov, iov_cnt)) == -1) {
 log_warn("%s: writev failed: type %u len %zd", __func__, smsg->sadb_msg_type, len);
 return (-1);
@@ -1311,12 +1311,12 @@ pfkey_write(int sd, struct sadb_msg *smsg, struct iovec *iov, int iov_cnt,
 return (-1);
 }
- return (pfkey_reply(sd, datap, lenp));
+ return (pfkey_reply(fd, datap, lenp));
 }
 /* wait for pfkey response and returns 0 for ok, -1 for error, -2 for timeout */
 int
-pfkey_reply(int sd, uint8_t **datap, ssize_t *lenp)
+pfkey_reply(int fd, uint8_t **datap, ssize_t *lenp)
 {
 struct pfkey_message *pm;
 struct sadb_msg hdr;
@@ -1325,7 +1325,7 @@ pfkey_reply(int sd, uint8_t **datap, ssize_t *lenp)
 struct pollfd pfd[1];
 int n;
- pfd[0].fd = sd;
+ pfd[0].fd = fd;
 pfd[0].events = POLLIN;
 for (;;) {
@@ -1346,7 +1346,7 @@ pfkey_reply(int sd, uint8_t **datap, ssize_t *lenp)
 return (-2); /* retry */
 }
- if (recv(sd, &hdr, sizeof(hdr), MSG_PEEK) != sizeof(hdr)) {
+ if (recv(fd, &hdr, sizeof(hdr), MSG_PEEK) != sizeof(hdr)) {
 log_warn("%s: short recv", __func__);
 return (-1);
 }
@@ -1363,7 +1363,7 @@ pfkey_reply(int sd, uint8_t **datap, ssize_t *lenp)
 }
 len = hdr.sadb_msg_len * PFKEYV2_CHUNK;
- if (read(sd, data, len) != len) {
+ if (read(fd, data, len) != len) {
 log_warnx("%s: short read", __func__);
 free(data);
 return (-1);
@@ -1414,7 +1414,7 @@ pfkey_reply(int sd, uint8_t **datap, ssize_t *lenp)
 }
 int
-pfkey_flow_add(int fd, struct iked_flow *flow)
+pfkey_flow_add(struct iked *env, struct iked_flow *flow)
 {
 uint8_t satype;
@@ -1424,7 +1424,7 @@ pfkey_flow_add(int fd, struct iked_flow *flow)
 if (pfkey_map(pfkey_satype, flow->flow_saproto, &satype) == -1)
 return (-1);
- if (pfkey_flow(fd, satype, SADB_X_ADDFLOW, flow) == -1)
+ if (pfkey_flow(env, satype, SADB_X_ADDFLOW, flow) == -1)
 return (-1);
 flow->flow_loaded = 1;
@@ -1433,7 +1433,7 @@ pfkey_flow_add(int fd, struct iked_flow *flow)
 }
 int
-pfkey_flow_delete(int fd, struct iked_flow *flow)
+pfkey_flow_delete(struct iked *env, struct iked_flow *flow)
 {
 uint8_t satype;
@@ -1443,7 +1443,7 @@ pfkey_flow_delete(int fd, struct iked_flow *flow)
 if (pfkey_map(pfkey_satype, flow->flow_saproto, &satype) == -1)
 return (-1);
- if (pfkey_flow(fd, satype, SADB_X_DELFLOW, flow) == -1)
+ if (pfkey_flow(env, satype, SADB_X_DELFLOW, flow) == -1)
 return (-1);
 flow->flow_loaded = 0;
@@ -1452,14 +1452,14 @@ pfkey_flow_delete(int fd, struct iked_flow *flow)
 }
 int
-pfkey_sa_init(int fd, struct iked_childsa *sa, uint32_t *spi)
+pfkey_sa_init(struct iked *env, struct iked_childsa *sa, uint32_t *spi)
 {
 uint8_t satype;
 if (pfkey_map(pfkey_satype, sa->csa_saproto, &satype) == -1)
 return (-1);
- if (pfkey_sa_getspi(fd, satype, sa, spi) == -1)
+ if (pfkey_sa_getspi(env, satype, sa, spi) == -1)
 return (-1);
 log_debug("%s: new spi 0x%08x", __func__, *spi);
@@ -1468,7 +1468,7 @@ pfkey_sa_init(int fd, struct iked_childsa *sa, uint32_t *spi)
 }
 int
-pfkey_sa_add(int fd, struct iked_childsa *sa, struct iked_childsa *last)
+pfkey_sa_add(struct iked *env, struct iked_childsa *sa, struct iked_childsa *last)
 {
 uint8_t satype;
 unsigned int cmd;
@@ -1485,25 +1485,25 @@ pfkey_sa_add(int fd, struct iked_childsa *sa, struct iked_childsa *last)
 log_debug("%s: %s spi %s", __func__, cmd == SADB_ADD ? "add": "update", print_spi(sa->csa_spi.spi, 4));
- rval = pfkey_sa(fd, satype, cmd, sa);
+ rval = pfkey_sa(env, satype, cmd, sa);
 if (rval != 0) {
 if (cmd == SADB_ADD) {
 if (rval == -2) {
 /* timeout: check for existence */
- if (pfkey_sa_check_exists(fd, sa) == 0) {
+ if (pfkey_sa_check_exists(env, sa) == 0) {
 log_debug("%s: SA exists after timeout", __func__);
 goto loaded;
 }
 }
- (void)pfkey_sa_delete(fd, sa);
+ (void)pfkey_sa_delete(env, sa);
 return (-1);
 }
 if (sa->csa_allocated && !sa->csa_loaded && errno == ESRCH) {
 /* Needed for recoupling local SAs */
 log_debug("%s: SADB_UPDATE on local SA returned ESRCH,"
 " trying SADB_ADD", __func__);
- if (pfkey_sa(fd, satype, SADB_ADD, sa) == -1)
+ if (pfkey_sa(env, satype, SADB_ADD, sa) == -1)
 return (-1);
 } else {
 return (-1);
@@ -1512,9 +1512,9 @@ pfkey_sa_add(int fd, struct iked_childsa *sa, struct iked_childsa *last)
 loaded:
 if (last != NULL) {
- if (pfkey_sagroup(fd, satype,
+ if (pfkey_sagroup(env, satype,
 SADB_X_GRPSPIS, sa, last) == -1) {
- (void)pfkey_sa_delete(fd, sa);
+ (void)pfkey_sa_delete(env, sa);
 return (-1);
 }
 }
@@ -1524,7 +1524,7 @@ pfkey_sa_add(int fd, struct iked_childsa *sa, struct iked_childsa *last)
 }
 int
-pfkey_sa_update_addresses(int fd, struct iked_childsa *sa)
+pfkey_sa_update_addresses(struct iked *env, struct iked_childsa *sa)
 {
 uint8_t satype;
@@ -1538,11 +1538,11 @@ pfkey_sa_update_addresses(int fd, struct iked_childsa *sa)
 if (pfkey_map(pfkey_satype, sa->csa_saproto, &satype) == -1)
 return (-1);
 log_debug("%s: spi %s", __func__, print_spi(sa->csa_spi.spi, 4));
- return pfkey_sa(fd, satype, IKED_SADB_UPDATE_SA_ADDRESSES, sa);
+ return pfkey_sa(env, satype, IKED_SADB_UPDATE_SA_ADDRESSES, sa);
 }
 int
-pfkey_sa_delete(int fd, struct iked_childsa *sa)
+pfkey_sa_delete(struct iked *env, struct iked_childsa *sa)
 {
 uint8_t satype;
@@ -1552,8 +1552,8 @@ pfkey_sa_delete(int fd, struct iked_childsa *sa)
 if (pfkey_map(pfkey_satype, sa->csa_saproto, &satype) == -1)
 return (-1);
- if (pfkey_sa(fd, satype, SADB_DELETE, sa) == -1 &&
- pfkey_sa_check_exists(fd, sa) == 0)
+ if (pfkey_sa(env, satype, SADB_DELETE, sa) == -1 &&
+ pfkey_sa_check_exists(env, sa) == 0)
 return (-1);
 sa->csa_loaded = 0;
@@ -1561,7 +1561,7 @@ pfkey_sa_delete(int fd, struct iked_childsa *sa)
 }
 int
-pfkey_flush(int sd)
+pfkey_flush(int fd)
 {
 struct sadb_msg smsg;
 struct iovec iov[IOV_CNT];
@@ -1581,7 +1581,7 @@ pfkey_flush(int sd)
 iov[iov_cnt].iov_len = sizeof(smsg);
 iov_cnt++;
- return (pfkey_write(sd, &smsg, iov, iov_cnt, NULL, NULL));
+ return (pfkey_write(fd, &smsg, iov, iov_cnt, NULL, NULL));
 }
 struct sadb_ident *
@@ -1632,7 +1632,7 @@ pfkey_id2ident(struct iked_id *id, unsigned int exttype)
 }
 int
-pfkey_socket(void)
+pfkey_socket(struct iked *env)
 {
 int fd;
@@ -1692,7 +1692,7 @@ pfkey_init(struct iked *env, int fd)
 iov.iov_base = &smsg;
 iov.iov_len = sizeof(smsg);
- if (pfkey_write(fd, &smsg, &iov, 1, NULL, NULL))
+ if (pfkey_write(env->sc_pfkey, &smsg, &iov, 1, NULL, NULL))
 fatal("pfkey_init: failed to set up AH acquires");
 }
@@ -1713,7 +1713,7 @@ pfkey_find_ext(uint8_t *data, ssize_t len, int type)
 }
 void
-pfkey_dispatch(int sd, short event, void *arg)
+pfkey_dispatch(int fd, short event, void *arg)
 {
 struct iked *env = (struct iked *)arg;
 struct pfkey_message pm, *pmp;
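Review bot: `pfkey_socket(struct iked *env)` now accepts `env`, but nothing in the visible part of the function uses it, and the body continues outside the hunk so I cannot tell whether the rest does. If it stays unused, say so at the declaration so the next reader doesn't hunt for the use: `int fd; /* env is unused here; taken so all pfkey_* entry points share one shape */`. If it is meant to be used (for instance to record the descriptor), that belongs in this commit rather than a later one.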
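Review bot: The final write in pfkey_init now targets `env->sc_pfkey` although the function still receives `fd`; the two are only the same descriptor if `env->sc_pfkey = fd` is assigned earlier in pfkey_init, which is outside the hunk and I cannot confirm. Since pfkey_write still takes a plain int, nothing forced this change — keeping `if (pfkey_write(fd, &smsg, &iov, 1, NULL, NULL))` avoids depending on that ordering, or if `env->sc_pfkey` is the intended source, add `/* env->sc_pfkey was set from fd above */` on the line before so the coupling is explicit. pfkey_init's body begins outside the hunk.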
@@ -1721,7 +1721,7 @@ pfkey_dispatch(int sd, short event, void *arg)
 ssize_t len;
 uint8_t *data;
- if (recv(sd, &hdr, sizeof(hdr), MSG_PEEK) != sizeof(hdr)) {
+ if (recv(fd, &hdr, sizeof(hdr), MSG_PEEK) != sizeof(hdr)) {
 log_warn("%s: short recv", __func__);
 return;
 }
@@ -1738,7 +1738,7 @@ pfkey_dispatch(int sd, short event, void *arg)
 }
 len = hdr.sadb_msg_len * PFKEYV2_CHUNK;
- if (read(sd, data, len) != len) {
+ if (read(fd, data, len) != len) {
 log_warn("%s: short read", __func__);
 free(data);
 return;
@@ -1807,7 +1807,7 @@ pfkey_process(struct iked *env, struct pfkey_message *pm)
 struct sadb_x_policy sa_pol;
 struct sockaddr *ssrc, *sdst, *smask, *dmask, *speer;
 struct iovec iov[IOV_CNT];
- int ret = 0, iov_cnt, sd;
+ int ret = 0, iov_cnt, fd;
 uint8_t *reply;
 ssize_t rlen;
 const char *errmsg = NULL;
@@ -1818,7 +1818,7 @@ pfkey_process(struct iked *env, struct pfkey_message *pm)
 if (!env || !data || !len)
 return (0);
- sd = env->sc_pfkey;
+ fd = env->sc_pfkey;
 hdr = (struct sadb_msg *)data;
 switch (hdr->sadb_msg_type) {
@@ -1873,7 +1873,7 @@ pfkey_process(struct iked *env, struct pfkey_message *pm)
 smsg.sadb_msg_len += sizeof(sa_pol) / 8;
 iov_cnt++;
- if (pfkey_write(sd, &smsg, iov, iov_cnt, &reply, &rlen)) {
+ if (pfkey_write(fd, &smsg, iov, iov_cnt, &reply, &rlen)) {
 log_warnx("%s: failed to get a policy", __func__);
 return (0);
 }
diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c
index b26e4825e64..90b442d97f2 100644
--- a/sbin/iked/policy.c
+++ b/sbin/iked/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.85 2021/10/26 17:31:22 tobhe Exp $ */
+/* $OpenBSD: policy.c,v 1.86 2021/11/24 20:48:00 tobhe Exp $ */
 /*
 * Copyright (c) 2020-2021 Tobias Heider <tobhe@openbsd.org>
@@ -644,7 +644,7 @@ sa_free_flows(struct iked *env, struct iked_saflows *head)
 if (flow->flow_loaded)
 RB_REMOVE(iked_flows, &env->sc_activeflows, flow);
 TAILQ_REMOVE(head, flow, flow_entry);
- (void)pfkey_flow_delete(env->sc_pfkey, flow);
+ (void)pfkey_flow_delete(env, flow);
 flow_free(flow);
 }
 }