diff options
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pfkeyv2.c | 36 | ||||
-rw-r--r-- | sys/net/pfkeyv2.h | 31 | ||||
-rw-r--r-- | sys/net/pfkeyv2_parsemessage.c | 29 |
3 files changed, 52 insertions, 44 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c index ed0c168f1e3..c596d6e50e5 100644 --- a/sys/net/pfkeyv2.c +++ b/sys/net/pfkeyv2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pfkeyv2.c,v 1.51 2000/11/17 05:08:14 angelos Exp $ */ +/* $OpenBSD: pfkeyv2.c,v 1.52 2000/12/14 18:07:29 provos Exp $ */ /* %%% copyright-nrl-97 This software is Copyright 1997-1998 by Randall Atkinson, Ronald Lee, @@ -1515,7 +1515,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len) pfkeyv2_socket->flags |= PFKEYV2_SOCKETFLAGS_REGISTERED; nregistered++; - i = sizeof(struct sadb_supported) + sizeof(ealgs) + sizeof(aalgs); + i = sizeof(struct sadb_supported) + sizeof(ealgs); if (!(freeme = malloc(i, M_PFKEY, M_DONTWAIT))) { @@ -1523,6 +1523,27 @@ pfkeyv2_send(struct socket *socket, void *message, int len) goto ret; } + bzero(freeme, i); + + ssup = (struct sadb_supported *) freeme; + ssup->sadb_supported_len = i / sizeof(uint64_t); + + { + void *p = freeme + sizeof(struct sadb_supported); + + bcopy(&ealgs[0], p, sizeof(ealgs)); + } + + headers[SADB_EXT_SUPPORTED_ENCRYPT] = freeme; + + i = sizeof(struct sadb_supported) + sizeof(aalgs); + + if (!(freeme = malloc(i, M_PFKEY, M_DONTWAIT))) + { + rval = ENOMEM; + goto ret; + } + /* Keep track what this socket has registered for */ pfkeyv2_socket->registration |= (1 << ((struct sadb_msg *)message)->sadb_msg_satype); @@ -1530,21 +1551,16 @@ pfkeyv2_send(struct socket *socket, void *message, int len) ssup = (struct sadb_supported *) freeme; ssup->sadb_supported_len = i / sizeof(uint64_t); - ssup->sadb_supported_nauth = sizeof(aalgs) / - sizeof(struct sadb_alg); - ssup->sadb_supported_nencrypt = sizeof(ealgs) / - sizeof(struct sadb_alg); { void *p = freeme + sizeof(struct sadb_supported); bcopy(&aalgs[0], p, sizeof(aalgs)); - p += sizeof(aalgs); - bcopy(&ealgs[0], p, sizeof(ealgs)); } - headers[SADB_EXT_SUPPORTED] = freeme; - break; + headers[SADB_EXT_SUPPORTED_AUTH] = freeme; + + break; case SADB_ACQUIRE: case SADB_EXPIRE: diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h index 263832b1d64..acd5c1bbef8 100644 --- a/sys/net/pfkeyv2.h +++ b/sys/net/pfkeyv2.h @@ -130,13 +130,11 @@ struct sadb_comb { struct sadb_supported { uint16_t sadb_supported_len; uint16_t sadb_supported_exttype; - uint8_t sadb_supported_nauth; - uint8_t sadb_supported_nencrypt; - uint16_t sadb_supported_reserved; + uint32_t sadb_supported_reserved; }; struct sadb_alg { - uint8_t sadb_alg_type; + uint8_t sadb_alg_id; uint8_t sadb_alg_ivlen; uint16_t sadb_alg_minbits; uint16_t sadb_alg_maxbits; @@ -183,18 +181,19 @@ struct sadb_policy { #define SADB_EXT_IDENTITY_DST 11 #define SADB_EXT_SENSITIVITY 12 #define SADB_EXT_PROPOSAL 13 -#define SADB_EXT_SUPPORTED 14 -#define SADB_EXT_SPIRANGE 15 -#define SADB_X_EXT_SRC_MASK 16 -#define SADB_X_EXT_DST_MASK 17 -#define SADB_X_EXT_PROTOCOL 18 -#define SADB_X_EXT_FLOW_TYPE 19 -#define SADB_X_EXT_SRC_FLOW 20 -#define SADB_X_EXT_DST_FLOW 21 -#define SADB_X_EXT_SA2 22 -#define SADB_X_EXT_DST2 23 -#define SADB_X_EXT_POLICY 24 -#define SADB_EXT_MAX 24 +#define SADB_EXT_SUPPORTED_AUTH 14 +#define SADB_EXT_SUPPORTED_ENCRYPT 15 +#define SADB_EXT_SPIRANGE 16 +#define SADB_X_EXT_SRC_MASK 17 +#define SADB_X_EXT_DST_MASK 18 +#define SADB_X_EXT_PROTOCOL 19 +#define SADB_X_EXT_FLOW_TYPE 20 +#define SADB_X_EXT_SRC_FLOW 21 +#define SADB_X_EXT_DST_FLOW 22 +#define SADB_X_EXT_SA2 23 +#define SADB_X_EXT_DST2 24 +#define SADB_X_EXT_POLICY 25 +#define SADB_EXT_MAX 25 /* Fix pfkeyv2.c struct pfkeyv2_socket if SATYPE_MAX > 31 */ #define SADB_SATYPE_UNSPEC 0 diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c index 9d0acd8d4dd..3b8b8441b9e 100644 --- a/sys/net/pfkeyv2_parsemessage.c +++ b/sys/net/pfkeyv2_parsemessage.c @@ -43,7 +43,8 @@ you didn't get a copy, you may request one from <license@inner.net>. #define BITMAP_IDENTITY_DST (1 << SADB_EXT_IDENTITY_DST) #define BITMAP_SENSITIVITY (1 << SADB_EXT_SENSITIVITY) #define BITMAP_PROPOSAL (1 << SADB_EXT_PROPOSAL) -#define BITMAP_SUPPORTED (1 << SADB_EXT_SUPPORTED) +#define BITMAP_SUPPORTED_AUTH (1 << SADB_EXT_SUPPORTED_AUTH) +#define BITMAP_SUPPORTED_ENCRYPT (1 << SADB_EXT_SUPPORTED_ENCRYPT) #define BITMAP_SPIRANGE (1 << SADB_EXT_SPIRANGE) #define BITMAP_LIFETIME (BITMAP_LIFETIME_CURRENT | BITMAP_LIFETIME_HARD | BITMAP_LIFETIME_SOFT) #define BITMAP_ADDRESS (BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_ADDRESS_PROXY) @@ -149,7 +150,7 @@ uint32_t sadb_exts_allowed_out[SADB_MAX+1] = /* ACQUIRE */ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL, /* REGISTER */ - BITMAP_SUPPORTED, + BITMAP_SUPPORTED_AUTH | BITMAP_SUPPORTED_ENCRYPT, /* EXPIRE */ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS, /* FLUSH */ @@ -185,7 +186,7 @@ uint32_t sadb_exts_required_out[SADB_MAX+1] = /* ACQUIRE */ 0, /* REGISTER */ - BITMAP_SUPPORTED, + BITMAP_SUPPORTED_AUTH | BITMAP_SUPPORTED_ENCRYPT, /* EXPIRE */ BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST, /* FLUSH */ @@ -491,7 +492,8 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) } } break; - case SADB_EXT_SUPPORTED: + case SADB_EXT_SUPPORTED_AUTH: + case SADB_EXT_SUPPORTED_ENCRYPT: { struct sadb_supported *sadb_supported = (struct sadb_supported *)p; int j; @@ -502,24 +504,15 @@ pfkeyv2_parsemessage(void *p, int len, void **headers) if (sadb_supported->sadb_supported_reserved) return EINVAL; - if (i != ((sadb_supported->sadb_supported_nauth + - sadb_supported->sadb_supported_nencrypt) * - sizeof(struct sadb_alg)) + sizeof(struct sadb_supported)) - return EINVAL; - { struct sadb_alg *sadb_alg = (struct sadb_alg *)(p + sizeof(struct sadb_supported)); - for (j = 0; j < sadb_supported->sadb_supported_nauth; j++) { - if (sadb_alg->sadb_alg_type > SADB_AALG_MAX) - return EINVAL; + int max_alg; - if (sadb_alg->sadb_alg_reserved) - return EINVAL; + max_alg = sadb_ext->sadb_ext_type == SADB_EXT_SUPPORTED_AUTH ? + SADB_AALG_MAX : SADB_EALG_MAX; - sadb_alg++; - } - for (j = 0; j < sadb_supported->sadb_supported_nencrypt; j++) { - if (sadb_alg->sadb_alg_type > SADB_EALG_MAX) + for (j = 0; j < sadb_supported->sadb_supported_len - 1; j++) { + if (sadb_alg->sadb_alg_id > max_alg) return EINVAL; if (sadb_alg->sadb_alg_reserved) |