From 4665b240988d0a86d57610b6f4759283bf848071 Mon Sep 17 00:00:00 2001
From: "Angelos D. Keromytis" <angelos@cvs.openbsd.org>
Date: Fri, 29 Sep 2000 19:00:15 +0000
Subject: Don't use an SA payload for ADDFLOW/DELFLOW.

---
 sys/net/pfkeyv2.c              | 38 +-------------------------------------
 sys/net/pfkeyv2_parsemessage.c |  8 ++++----
 2 files changed, 5 insertions(+), 41 deletions(-)

(limited to 'sys/net')

diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index d7972265736..b37c7b3441e 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.44 2000/09/21 02:38:32 angelos Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.45 2000/09/29 19:00:13 angelos Exp $ */
 /*
 %%% copyright-nrl-97
 This software is Copyright 1997-1998 by Randall Atkinson, Ronald Lee,
@@ -1475,7 +1475,6 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 	    u_int8_t transproto = 0;
 	    u_int8_t direction;
 	    int exists = 0;
-	    struct tdb *ktdb = NULL;
 
 	    direction = (((struct sadb_protocol *) headers[SADB_X_EXT_FLOW_TYPE])->sadb_protocol_direction);
             if ((direction != IPSP_DIRECTION_IN) &&
@@ -1485,8 +1484,6 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 		goto ret;
             }
 
-	    ssa = (struct sadb_sa *) headers[SADB_EXT_SA];
-
             /* If the security protocol wasn't specified, pretend it was ESP */
             if (smsg->sadb_msg_satype == 0)
               smsg->sadb_msg_satype = SADB_SATYPE_ESP;
@@ -1651,39 +1648,6 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 		      sizeof(struct sockaddr_encap));
 	    }
 
-	    /*
-	     * A direct "hint" was provided, try to locate TDB. If we
-	     * don't find it, return an error, since it was expected
-	     * that we'd be able to find the TDB. Be careful with any
-	     * previously pointed to TDB.
-	     */
-	    if (ssa && ssa->sadb_sa_spi && sunionp)
-	    {
-		ktdb = ipo->ipo_tdb; /* Hold for now */
-
-		s = spltdb();
-		ipo->ipo_tdb = gettdb(ssa->sadb_sa_spi, sunionp,
-				      SADB_GETSPROTO(smsg->sadb_msg_satype));
-		if (ipo->ipo_tdb == NULL)
-		{
-                    if (!exists)
-                      FREE(ipo, M_TDB);
-                    else
-		      ipsec_delete_policy(ipo);
-		    rval = ESRCH;
-		    goto splxret;
-		}
-		else
-		{
-                    if (ktdb)
-		      TAILQ_REMOVE(&ktdb->tdb_policy_head, ipo, ipo_tdb_next);
-		    TAILQ_INSERT_HEAD(&ipo->ipo_tdb->tdb_policy_head, ipo,
-				      ipo_tdb_next);
-		}
-
-		splx(s);
-	    }
-
 	    switch (((struct sadb_protocol *) headers[SADB_X_EXT_FLOW_TYPE])->sadb_protocol_proto)
 	    {
 		case FLOW_X_TYPE_USE:
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index 1c1e7ab3b2c..6977e074b25 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -86,9 +86,9 @@ uint32_t sadb_exts_allowed_in[SADB_MAX+1] =
   /* X_PROMISC */
   0,
   /* X_ADDFLOW */
-  BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SA | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE | BITMAP_IDENTITY_SRC | BITMAP_IDENTITY_DST,
+  BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE | BITMAP_IDENTITY_SRC | BITMAP_IDENTITY_DST,
   /* X_DELFLOW */
-  BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_SA | BITMAP_ADDRESS_DST | BITMAP_X_FLOW_TYPE,
+  BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
   /* X_GRPSPIS */
   BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
 };
@@ -154,9 +154,9 @@ uint32_t sadb_exts_allowed_out[SADB_MAX+1] =
   /* X_PROMISC */
   0,
   /* X_ADDFLOW */
-  BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SA | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE | BITMAP_IDENTITY_SRC | BITMAP_IDENTITY_DST,
+  BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE | BITMAP_IDENTITY_SRC | BITMAP_IDENTITY_DST,
   /* X_DELFLOW */
-  BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_SA | BITMAP_ADDRESS_DST | BITMAP_X_FLOW_TYPE,
+  BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
   /* X_GRPSPIS */
   BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
 };
-- 
cgit v1.2.3