From 19dd3c9508c86d13df61aca0ba30abc447df5640 Mon Sep 17 00:00:00 2001 From: itojun <itojun@NetBSD.org> Date: Tue, 3 Aug 2004 15:53:03 +0000 Subject: [PATCH] send error up when error happens during SADB_UPDATE. kame-pr-785 --- sys/netkey/key.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/sys/netkey/key.c b/sys/netkey/key.c index df4b96528051..3fd84085a2bb 100644 --- a/sys/netkey/key.c +++ b/sys/netkey/key.c @@ -1,4 +1,4 @@ -/* $NetBSD: key.c,v 1.121 2004/05/31 04:29:01 itojun Exp $ */ +/* $NetBSD: key.c,v 1.122 2004/08/03 15:53:03 itojun Exp $ */ /* $KAME: key.c,v 1.310 2003/09/08 02:23:44 itojun Exp $ */ /* @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.121 2004/05/31 04:29:01 itojun Exp $"); +__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.122 2004/08/03 15:53:03 itojun Exp $"); #include "opt_inet.h" #include "opt_ipsec.h" @@ -1226,6 +1226,8 @@ key_msg2sp(xpl0, len, error) case IPPROTO_ESP: case IPPROTO_AH: case IPPROTO_IPCOMP: + case IPPROTO_IPV4: + case IPPROTO_IPV6: break; default: ipseclog((LOG_DEBUG, @@ -3247,6 +3249,16 @@ key_mature(sav) return EINVAL; } break; + case IPPROTO_TCP: + if (ntohl(sav->spi) != 0x1000) { /*TCP_SIG_SPI*/ + ipseclog((LOG_DEBUG, + "key_mature: SPI must be 0x1000 for TCPMD5.\n")); + return (EINVAL); + } + break; + case IPPROTO_IPV4: + case IPPROTO_IPV6: + break; } /* check satype */ @@ -3300,21 +3312,19 @@ key_mature(sav) case IPPROTO_TCP: if (sav->alg_enc != SADB_EALG_NONE) { ipseclog((LOG_DEBUG, "key_mature: " - "protocol and algorithm mismated.\n")); + "encryption algorithm must be null for TCPMD5.\n")); return (EINVAL); } if (sav->alg_auth != SADB_X_AALG_TCP_MD5) { ipseclog((LOG_DEBUG, "key_mature: " - "protocol and algorithm mismated.\n")); - return (EINVAL); - } - if (ntohl(sav->spi) != 0x1000) { /*TCP_SIG_SPI*/ - ipseclog((LOG_DEBUG, - "key_mature: SPI must be 0x1000.\n")); + "auth algorithm must be tcp-md5 for TCPMD5.\n")); return (EINVAL); } checkmask = 0; break; + case IPPROTO_IPV4: + case IPPROTO_IPV6: + break; default: ipseclog((LOG_DEBUG, "key_mature: Invalid satype.\n")); return EPROTONOSUPPORT; @@ -5086,9 +5096,9 @@ key_update(so, m, mhp) } /* check SA values to be mature. */ - if ((mhp->msg->sadb_msg_errno = key_mature(sav)) != 0) { + if ((error = key_mature(sav)) != 0) { key_freesav(sav); - return key_senderror(so, m, 0); + return key_senderror(so, m, error); } {