summaryrefslogtreecommitdiff
path: root/sys
diff options
context:
space:
mode:
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pfkeyv2.c36
-rw-r--r--sys/net/pfkeyv2.h31
-rw-r--r--sys/net/pfkeyv2_parsemessage.c29
3 files changed, 52 insertions, 44 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index ed0c168f1e3..c596d6e50e5 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.51 2000/11/17 05:08:14 angelos Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.52 2000/12/14 18:07:29 provos Exp $ */
/*
%%% copyright-nrl-97
This software is Copyright 1997-1998 by Randall Atkinson, Ronald Lee,
@@ -1515,7 +1515,7 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
pfkeyv2_socket->flags |= PFKEYV2_SOCKETFLAGS_REGISTERED;
nregistered++;
- i = sizeof(struct sadb_supported) + sizeof(ealgs) + sizeof(aalgs);
+ i = sizeof(struct sadb_supported) + sizeof(ealgs);
if (!(freeme = malloc(i, M_PFKEY, M_DONTWAIT)))
{
@@ -1523,6 +1523,27 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
goto ret;
}
+ bzero(freeme, i);
+
+ ssup = (struct sadb_supported *) freeme;
+ ssup->sadb_supported_len = i / sizeof(uint64_t);
+
+ {
+ void *p = freeme + sizeof(struct sadb_supported);
+
+ bcopy(&ealgs[0], p, sizeof(ealgs));
+ }
+
+ headers[SADB_EXT_SUPPORTED_ENCRYPT] = freeme;
+
+ i = sizeof(struct sadb_supported) + sizeof(aalgs);
+
+ if (!(freeme = malloc(i, M_PFKEY, M_DONTWAIT)))
+ {
+ rval = ENOMEM;
+ goto ret;
+ }
+
/* Keep track what this socket has registered for */
pfkeyv2_socket->registration |= (1 << ((struct sadb_msg *)message)->sadb_msg_satype);
@@ -1530,21 +1551,16 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
ssup = (struct sadb_supported *) freeme;
ssup->sadb_supported_len = i / sizeof(uint64_t);
- ssup->sadb_supported_nauth = sizeof(aalgs) /
- sizeof(struct sadb_alg);
- ssup->sadb_supported_nencrypt = sizeof(ealgs) /
- sizeof(struct sadb_alg);
{
void *p = freeme + sizeof(struct sadb_supported);
bcopy(&aalgs[0], p, sizeof(aalgs));
- p += sizeof(aalgs);
- bcopy(&ealgs[0], p, sizeof(ealgs));
}
- headers[SADB_EXT_SUPPORTED] = freeme;
- break;
+ headers[SADB_EXT_SUPPORTED_AUTH] = freeme;
+
+ break;
case SADB_ACQUIRE:
case SADB_EXPIRE:
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index 263832b1d64..acd5c1bbef8 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -130,13 +130,11 @@ struct sadb_comb {
struct sadb_supported {
uint16_t sadb_supported_len;
uint16_t sadb_supported_exttype;
- uint8_t sadb_supported_nauth;
- uint8_t sadb_supported_nencrypt;
- uint16_t sadb_supported_reserved;
+ uint32_t sadb_supported_reserved;
};
struct sadb_alg {
- uint8_t sadb_alg_type;
+ uint8_t sadb_alg_id;
uint8_t sadb_alg_ivlen;
uint16_t sadb_alg_minbits;
uint16_t sadb_alg_maxbits;
@@ -183,18 +181,19 @@ struct sadb_policy {
#define SADB_EXT_IDENTITY_DST 11
#define SADB_EXT_SENSITIVITY 12
#define SADB_EXT_PROPOSAL 13
-#define SADB_EXT_SUPPORTED 14
-#define SADB_EXT_SPIRANGE 15
-#define SADB_X_EXT_SRC_MASK 16
-#define SADB_X_EXT_DST_MASK 17
-#define SADB_X_EXT_PROTOCOL 18
-#define SADB_X_EXT_FLOW_TYPE 19
-#define SADB_X_EXT_SRC_FLOW 20
-#define SADB_X_EXT_DST_FLOW 21
-#define SADB_X_EXT_SA2 22
-#define SADB_X_EXT_DST2 23
-#define SADB_X_EXT_POLICY 24
-#define SADB_EXT_MAX 24
+#define SADB_EXT_SUPPORTED_AUTH 14
+#define SADB_EXT_SUPPORTED_ENCRYPT 15
+#define SADB_EXT_SPIRANGE 16
+#define SADB_X_EXT_SRC_MASK 17
+#define SADB_X_EXT_DST_MASK 18
+#define SADB_X_EXT_PROTOCOL 19
+#define SADB_X_EXT_FLOW_TYPE 20
+#define SADB_X_EXT_SRC_FLOW 21
+#define SADB_X_EXT_DST_FLOW 22
+#define SADB_X_EXT_SA2 23
+#define SADB_X_EXT_DST2 24
+#define SADB_X_EXT_POLICY 25
+#define SADB_EXT_MAX 25
/* Fix pfkeyv2.c struct pfkeyv2_socket if SATYPE_MAX > 31 */
#define SADB_SATYPE_UNSPEC 0
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index 9d0acd8d4dd..3b8b8441b9e 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -43,7 +43,8 @@ you didn't get a copy, you may request one from <license@inner.net>.
#define BITMAP_IDENTITY_DST (1 << SADB_EXT_IDENTITY_DST)
#define BITMAP_SENSITIVITY (1 << SADB_EXT_SENSITIVITY)
#define BITMAP_PROPOSAL (1 << SADB_EXT_PROPOSAL)
-#define BITMAP_SUPPORTED (1 << SADB_EXT_SUPPORTED)
+#define BITMAP_SUPPORTED_AUTH (1 << SADB_EXT_SUPPORTED_AUTH)
+#define BITMAP_SUPPORTED_ENCRYPT (1 << SADB_EXT_SUPPORTED_ENCRYPT)
#define BITMAP_SPIRANGE (1 << SADB_EXT_SPIRANGE)
#define BITMAP_LIFETIME (BITMAP_LIFETIME_CURRENT | BITMAP_LIFETIME_HARD | BITMAP_LIFETIME_SOFT)
#define BITMAP_ADDRESS (BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_ADDRESS_PROXY)
@@ -149,7 +150,7 @@ uint32_t sadb_exts_allowed_out[SADB_MAX+1] =
/* ACQUIRE */
BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL,
/* REGISTER */
- BITMAP_SUPPORTED,
+ BITMAP_SUPPORTED_AUTH | BITMAP_SUPPORTED_ENCRYPT,
/* EXPIRE */
BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS,
/* FLUSH */
@@ -185,7 +186,7 @@ uint32_t sadb_exts_required_out[SADB_MAX+1] =
/* ACQUIRE */
0,
/* REGISTER */
- BITMAP_SUPPORTED,
+ BITMAP_SUPPORTED_AUTH | BITMAP_SUPPORTED_ENCRYPT,
/* EXPIRE */
BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
/* FLUSH */
@@ -491,7 +492,8 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
}
}
break;
- case SADB_EXT_SUPPORTED:
+ case SADB_EXT_SUPPORTED_AUTH:
+ case SADB_EXT_SUPPORTED_ENCRYPT:
{
struct sadb_supported *sadb_supported = (struct sadb_supported *)p;
int j;
@@ -502,24 +504,15 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
if (sadb_supported->sadb_supported_reserved)
return EINVAL;
- if (i != ((sadb_supported->sadb_supported_nauth +
- sadb_supported->sadb_supported_nencrypt) *
- sizeof(struct sadb_alg)) + sizeof(struct sadb_supported))
- return EINVAL;
-
{
struct sadb_alg *sadb_alg = (struct sadb_alg *)(p + sizeof(struct sadb_supported));
- for (j = 0; j < sadb_supported->sadb_supported_nauth; j++) {
- if (sadb_alg->sadb_alg_type > SADB_AALG_MAX)
- return EINVAL;
+ int max_alg;
- if (sadb_alg->sadb_alg_reserved)
- return EINVAL;
+ max_alg = sadb_ext->sadb_ext_type == SADB_EXT_SUPPORTED_AUTH ?
+ SADB_AALG_MAX : SADB_EALG_MAX;
- sadb_alg++;
- }
- for (j = 0; j < sadb_supported->sadb_supported_nencrypt; j++) {
- if (sadb_alg->sadb_alg_type > SADB_EALG_MAX)
+ for (j = 0; j < sadb_supported->sadb_supported_len - 1; j++) {
+ if (sadb_alg->sadb_alg_id > max_alg)
return EINVAL;
if (sadb_alg->sadb_alg_reserved)