diff options
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pfkeyv2.c | 124 | ||||
-rw-r--r-- | sys/net/pfkeyv2.h | 11 | ||||
-rw-r--r-- | sys/netinet/ip_ah_new.c | 18 | ||||
-rw-r--r-- | sys/netinet/ip_ah_old.c | 18 | ||||
-rw-r--r-- | sys/netinet/ip_esp_new.c | 18 | ||||
-rw-r--r-- | sys/netinet/ip_esp_old.c | 18 | ||||
-rw-r--r-- | sys/netinet/ip_ipsp.c | 24 | ||||
-rw-r--r-- | sys/netinet/ip_output.c | 3 |
8 files changed, 136 insertions, 98 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c index 53ee477b6a2..b57ff0f9903 100644 --- a/sys/net/pfkeyv2.c +++ b/sys/net/pfkeyv2.c @@ -59,9 +59,7 @@ struct pfkeyv2_socket { static struct pfkeyv2_socket *pfkeyv2_sockets = NULL; -#if 0 /* XXX */ static uint32_t pfkeyv2_seq = 1; -#endif static int nregistered = 0; static int npromisc = 0; @@ -83,16 +81,28 @@ static struct sadb_alg aalgs[] = { extern int pfkey_register(struct pfkey_version *version); int pfkey_unregister(struct pfkey_version *version); int pfkey_sendup(struct socket *socket, struct mbuf *packet, int more); -int pfkeyv2_parsemessage(void *p, int len, void **headers); + +void export_address(void **, struct sockaddr *); +void export_identity(void **, struct tdb *, int); +void export_lifetime(void **, struct tdb *, int); +void export_sa(void **, struct tdb *); +void import_address(struct sockaddr *, struct sadb_address *); +void import_identity(struct tdb *, struct sadb_ident *, int); +void import_key(struct ipsecinit *, struct sadb_key *, int); +void import_lifetime(struct tdb *, struct sadb_lifetime *, int); +void import_sa(struct tdb *, struct sadb_sa *, struct ipsecinit *); +int pfdatatopacket(void *, int, struct mbuf **); int pfkeyv2_acquire(void *); -int pfkeyv2_init(void); -int pfkeyv2_cleanup(void); -int pfkeyv2_expire(struct tdb *); +int pfkeyv2_create(struct socket *); +int pfkeyv2_get(struct tdb *, void **, void **); +int pfkeyv2_release(struct socket *); +int pfkeyv2_send(struct socket *, void *, int); +int pfkeyv2_sendmessage(void **, int, struct socket *, u_int8_t, int); #define EXTLEN(x) (((struct sadb_ext *)(x))->sadb_ext_len * sizeof(uint64_t)) #define PADUP(x) (((x) + sizeof(uint64_t) - 1) & ~(sizeof(uint64_t) - 1)) -static int +int pfdatatopacket(void *data, int len, struct mbuf **packet) { if (!(*packet = m_devget(data, len, 0, NULL, NULL))) @@ -101,7 +111,7 @@ pfdatatopacket(void *data, int len, struct mbuf **packet) return 0; } -static int +int pfkeyv2_create(struct socket *socket) { struct pfkeyv2_socket *pfkeyv2_socket; @@ -120,7 +130,7 @@ pfkeyv2_create(struct socket *socket) return 0; } -static int +int pfkeyv2_release(struct socket *socket) { struct pfkeyv2_socket **pp; @@ -148,7 +158,7 @@ pfkeyv2_release(struct socket *socket) return 0; } -static void +void import_sa(struct tdb *tdb, struct sadb_sa *sadb_sa, struct ipsecinit *ii) { if (!sadb_sa) @@ -176,7 +186,7 @@ import_sa(struct tdb *tdb, struct sadb_sa *sadb_sa, struct ipsecinit *ii) tdb->tdb_flags |= TDBF_INVALID; } -static void +void export_sa(void **p, struct tdb *tdb) { struct sadb_sa *sadb_sa = (struct sadb_sa *)*p; @@ -207,7 +217,7 @@ export_sa(void **p, struct tdb *tdb) *p += sizeof(struct sadb_sa); } -static void +void import_lifetime(struct tdb *tdb, struct sadb_lifetime *sadb_lifetime, int type) { struct expiration *exp; @@ -288,7 +298,7 @@ import_lifetime(struct tdb *tdb, struct sadb_lifetime *sadb_lifetime, int type) } } -static void +void export_lifetime(void **p, struct tdb *tdb, int type) { struct sadb_lifetime *sadb_lifetime = (struct sadb_lifetime *)*p; @@ -340,7 +350,7 @@ export_lifetime(void **p, struct tdb *tdb, int type) *p += sizeof(struct sadb_lifetime); } -static void +void import_address(struct sockaddr *sa, struct sadb_address *sadb_address) { int salen; @@ -370,7 +380,7 @@ import_address(struct sockaddr *sa, struct sadb_address *sadb_address) sa->sa_len = salen; } -static void +void export_address(void **p, struct sockaddr *sa) { struct sadb_address *sadb_address = (struct sadb_address *)*p; @@ -384,7 +394,7 @@ export_address(void **p, struct sockaddr *sa) *p += PADUP(SA_LEN(sa)); } -static void +void import_identity(struct tdb *tdb, struct sadb_ident *sadb_ident, int type) { if (!sadb_ident) @@ -409,7 +419,7 @@ import_identity(struct tdb *tdb, struct sadb_ident *sadb_ident, int type) } } -static void +void export_identity(void **p, struct tdb *tdb, int type) { struct sadb_ident *sadb_ident = (struct sadb_ident *)*p; @@ -429,7 +439,7 @@ export_identity(void **p, struct tdb *tdb, int type) } } -static void +void import_key(struct ipsecinit *ii, struct sadb_key *sadb_key, int type) { if (!sadb_key) @@ -444,7 +454,7 @@ import_key(struct ipsecinit *ii, struct sadb_key *sadb_key, int type) } } -static int +int pfkeyv2_sendmessage(void **headers, int mode, struct socket *socket, u_int8_t satype, int count) { @@ -555,7 +565,7 @@ ret: extern uint32_t sadb_exts_allowed_out[SADB_MAX+1]; extern uint32_t sadb_exts_required_out[SADB_MAX+1]; -static int +int pfkeyv2_get(struct tdb *sa, void **headers, void **buffer) { int rval, i; @@ -646,7 +656,7 @@ struct dump_state { }; #if 0 /* XXX Need to add a tdb_walk routine for this to work */ -static int +int pfkeyv2_dump_walker(struct tdb *sa, void *state) { struct dump_state *dump_state = (struct dump_state *)state; @@ -670,7 +680,7 @@ pfkeyv2_dump_walker(struct tdb *sa, void *state) } #endif /* 0 */ -static int +int pfkeyv2_send(struct socket *socket, void *message, int len) { void *headers[SADB_EXT_MAX + 1]; @@ -1521,10 +1531,74 @@ ret: } int -pfkeyv2_expire(struct tdb *sa) +pfkeyv2_expire(struct tdb *sa, u_int16_t type) { - /* XXX missing */ - return 0; + int rval = 0; + int i; + u_int8_t satype; + void *p, *headers[SADB_EXT_MAX+1], *buffer; + + switch (sa->tdb_sproto) { + case IPPROTO_AH: + satype = sa->tdb_xform->xf_type == XF_OLD_AH ? SADB_SATYPE_X_AH_OLD : SADB_SATYPE_AH; + break; + case IPPROTO_ESP: + satype = sa->tdb_xform->xf_type == XF_OLD_ESP ? SADB_SATYPE_X_ESP_OLD : SADB_SATYPE_ESP; + break; + case IPPROTO_IPIP: + satype = SADB_SATYPE_X_IPIP; + break; + default: + rval = EOPNOTSUPP; + goto ret; + } + + i = sizeof(struct sadb_msg) + sizeof(struct sadb_sa) + + 2 * sizeof(struct sadb_lifetime) + + sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_src.sa)) + + sizeof(struct sadb_address) + PADUP(SA_LEN(&sa->tdb_dst.sa)); + + if (!(p = malloc(i, M_TEMP, M_DONTWAIT))) { + rval = ENOMEM; + goto ret; + } + + bzero(headers, sizeof(headers)); + + buffer = p; + bzero(p, i); + + headers[0] = p; + p += sizeof(struct sadb_msg); + ((struct sadb_msg *)headers[0])->sadb_msg_version = PF_KEY_V2; + ((struct sadb_msg *)headers[0])->sadb_msg_type = SADB_EXPIRE; + ((struct sadb_msg *)headers[0])->sadb_msg_satype = satype; + ((struct sadb_msg *)headers[0])->sadb_msg_len = i / sizeof(uint64_t); + ((struct sadb_msg *)headers[0])->sadb_msg_seq = pfkeyv2_seq++; + + headers[SADB_EXT_SA] = p; + export_sa(&p, sa); + + headers[SADB_EXT_LIFETIME_CURRENT] = p; + export_lifetime(&p, sa, 2); + + headers[type] = p; + export_lifetime(&p, sa, type == SADB_EXT_LIFETIME_SOFT ? 1 : 0); + + headers[SADB_EXT_ADDRESS_SRC] = p; + export_address(&p, (struct sockaddr *)&sa->tdb_src); + + headers[SADB_EXT_ADDRESS_DST] = p; + export_address(&p, (struct sockaddr *)&sa->tdb_dst); + + if ((rval = pfkeyv2_sendmessage(headers, PFKEYV2_SENDMESSAGE_BROADCAST, + NULL, 0, 0))!= 0) + goto ret; + + rval = 0; + +ret: + return rval; } int diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h index 31f68a9ec86..6945f81951e 100644 --- a/sys/net/pfkeyv2.h +++ b/sys/net/pfkeyv2.h @@ -230,7 +230,7 @@ struct sadb_protocol { #define SADB_SAFLAGS_X_HALFIV 0x02 /* Used for ESP-old */ #define SADB_SAFLAGS_X_TUNNEL 0x04 /* Force tunneling */ #define SADB_SAFLAGS_X_CHAINDEL 0x08 /* Delete whole SA chain */ -#define SADB_SAFLAGS_X_LOCALFLOW 0x10 /* Delete whole SA chain */ +#define SADB_SAFLAGS_X_LOCALFLOW 0x10 /* Add flow with 0.0.0.0 as src */ #define SADB_IDENTTYPE_RESERVED 0 #define SADB_IDENTTYPE_PREFIX 1 @@ -241,9 +241,12 @@ struct sadb_protocol { #define SADB_KEY_FLAGS_MAX 0 -#ifdef KERNEL +#ifdef _KERNEL +struct tdb; + int pfkeyv2_init(void); int pfkeyv2_cleanup(void); -int pfkeyv2_parsemessage(void *p, int len, void **headers); -#endif /* KERNEL */ +int pfkeyv2_parsemessage(void *, int, void **); +int pfkeyv2_expire(struct tdb *, u_int16_t); +#endif /* _KERNEL */ #endif /* _NET_PFKEY_V2_H */ diff --git a/sys/netinet/ip_ah_new.c b/sys/netinet/ip_ah_new.c index cdb781deb56..c3531efeea1 100644 --- a/sys/netinet/ip_ah_new.c +++ b/sys/netinet/ip_ah_new.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah_new.c,v 1.24 1999/02/25 20:14:36 angelos Exp $ */ +/* $OpenBSD: ip_ah_new.c,v 1.25 1999/03/24 17:00:44 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -273,9 +273,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); m_freem(m); return NULL; @@ -285,9 +283,7 @@ ah_new_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } @@ -504,9 +500,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); m_freem(m); return EINVAL; @@ -516,9 +510,7 @@ ah_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } diff --git a/sys/netinet/ip_ah_old.c b/sys/netinet/ip_ah_old.c index 841d954fe8d..2bd432332f2 100644 --- a/sys/netinet/ip_ah_old.c +++ b/sys/netinet/ip_ah_old.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ah_old.c,v 1.21 1999/02/25 20:14:38 angelos Exp $ */ +/* $OpenBSD: ip_ah_old.c,v 1.22 1999/03/24 17:00:45 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -237,9 +237,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); m_freem(m); tdb_delete(tdb, 0); return NULL; @@ -249,9 +247,7 @@ ah_old_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } @@ -431,9 +427,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); m_freem(m); return EINVAL; @@ -443,9 +437,7 @@ ah_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } diff --git a/sys/netinet/ip_esp_new.c b/sys/netinet/ip_esp_new.c index 5147490447c..67f87eb5b9e 100644 --- a/sys/netinet/ip_esp_new.c +++ b/sys/netinet/ip_esp_new.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp_new.c,v 1.39 1999/02/25 20:23:02 angelos Exp $ */ +/* $OpenBSD: ip_esp_new.c,v 1.40 1999/03/24 17:00:45 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -494,9 +494,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); m_freem(m); return NULL; @@ -506,9 +504,7 @@ esp_new_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } @@ -836,9 +832,7 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); m_freem(m); return EINVAL; @@ -848,9 +842,7 @@ esp_new_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } diff --git a/sys/netinet/ip_esp_old.c b/sys/netinet/ip_esp_old.c index 2c51ead6429..92639fe002a 100644 --- a/sys/netinet/ip_esp_old.c +++ b/sys/netinet/ip_esp_old.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_esp_old.c,v 1.30 1999/02/25 20:14:41 angelos Exp $ */ +/* $OpenBSD: ip_esp_old.c,v 1.31 1999/03/24 17:00:46 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -291,9 +291,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); m_freem(m); return NULL; @@ -303,9 +301,7 @@ esp_old_input(struct mbuf *m, struct tdb *tdb) if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } @@ -578,9 +574,7 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_exp_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); m_freem(m); return EINVAL; @@ -590,9 +584,7 @@ esp_old_output(struct mbuf *m, struct sockaddr_encap *gw, struct tdb *tdb, if ((tdb->tdb_flags & TDBF_SOFT_BYTES) && (tdb->tdb_cur_bytes >= tdb->tdb_soft_bytes)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_BYTES; /* Turn off checking */ } diff --git a/sys/netinet/ip_ipsp.c b/sys/netinet/ip_ipsp.c index ffdeff4c5d3..21ba455bca3 100644 --- a/sys/netinet/ip_ipsp.c +++ b/sys/netinet/ip_ipsp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_ipsp.c,v 1.37 1999/03/04 21:51:27 deraadt Exp $ */ +/* $OpenBSD: ip_ipsp.c,v 1.38 1999/03/24 17:00:47 niklas Exp $ */ /* * The authors of this code are John Ioannidis (ji@tla.org), @@ -471,9 +471,7 @@ handle_expirations(void *arg) if ((tdb->tdb_flags & TDBF_TIMER) && (tdb->tdb_exp_timeout <= time.tv_sec)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); continue; } @@ -481,9 +479,7 @@ handle_expirations(void *arg) if ((tdb->tdb_flags & TDBF_FIRSTUSE) && (tdb->tdb_first_use + tdb->tdb_exp_first_use <= time.tv_sec)) { -/* XXX - encap_sendnotify(NOTIFY_HARD_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_HARD); tdb_delete(tdb, 0); continue; } @@ -492,9 +488,7 @@ handle_expirations(void *arg) if ((tdb->tdb_flags & TDBF_SOFT_TIMER) && (tdb->tdb_soft_timeout <= time.tv_sec)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_TIMER; } else @@ -502,9 +496,7 @@ handle_expirations(void *arg) (tdb->tdb_first_use + tdb->tdb_soft_first_use <= time.tv_sec)) { -/* XXX - encap_sendnotify(NOTIFY_SOFT_EXPIRE, tdb, NULL); -*/ + pfkeyv2_expire(tdb, SADB_EXT_LIFETIME_SOFT); tdb->tdb_flags &= ~TDBF_SOFT_FIRSTUSE; } } @@ -714,7 +706,9 @@ tdb_delete(struct tdb *tdbp, int delchain) ipsec_in_use--; } - cleanup_expirations(&tdbp->tdb_dst, tdbp->tdb_spi, tdbp->tdb_sproto); + /* removal of a larval SA should not remove the mature SA's expirations */ + if ((tdbp->tdb_flags & TDBF_INVALID) == 0) + cleanup_expirations(&tdbp->tdb_dst, tdbp->tdb_spi, tdbp->tdb_sproto); if (tdbp->tdb_srcid) FREE(tdbp->tdb_srcid, M_XDATA); @@ -834,7 +828,7 @@ ipsp_kern(int off, char **bufp, int len) else i = 1; - l += sprintf(buffer + l, "halviv"); + l += sprintf(buffer + l, "halfiv"); } if (tdb->tdb_flags & TDBF_PFS) diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c index 288e96d6c38..311806ea3d8 100644 --- a/sys/netinet/ip_output.c +++ b/sys/netinet/ip_output.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_output.c,v 1.42 1999/03/06 20:59:41 angelos Exp $ */ +/* $OpenBSD: ip_output.c,v 1.43 1999/03/24 17:00:47 niklas Exp $ */ /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */ /* @@ -86,7 +86,6 @@ int (*fr_checkp) __P((struct ip *, int, struct ifnet *, int, struct mbuf **)); #endif #ifdef IPSEC -extern void encap_sendnotify __P((int, struct tdb *, void *)); extern int ipsec_auth_default_level; extern int ipsec_esp_trans_default_level; extern int ipsec_esp_network_default_level; |