Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

hide shouldn't-be-exported symbols from the outside. 

don't compile pfkey*, since we expect tons of changes in the near future.

bump shlib major (due to less exported APIs than before - am I correct here?).
This commit is contained in:
itojun 2000-03-13 21:23:55 +00:00
parent e2850da406
commit 8ab75e23f4
10 changed files with 132 additions and 129 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
distrib/sets/lists/base/shl.elf
View File

@ -1,4 +1,4 @@
# $NetBSD: shl.elf,v 1.16 2000/02/20 07:02:48 mycroft Exp $
# $NetBSD: shl.elf,v 1.17 2000/03/13 21:23:58 itojun Exp $
./usr/lib/libamu.so.1
./usr/lib/libbz2.so.0
./usr/lib/libc.so.12
@ -7,7 +7,7 @@
./usr/lib/libedit.so.2
./usr/lib/libg2c.so.0
./usr/lib/libgnumalloc.so.0
./usr/lib/libipsec.so.1
./usr/lib/libipsec.so.2
./usr/lib/libkvm.so.5
./usr/lib/libm.so.0
./usr/lib/libmenu.so.0

4
distrib/sets/lists/base/shl.mi
View File

@ -1,4 +1,4 @@
# $NetBSD: shl.mi,v 1.57 2000/03/09 23:32:03 cjs Exp $
# $NetBSD: shl.mi,v 1.58 2000/03/13 21:23:58 itojun Exp $
./usr/lib/libamu.so.1.1
./usr/lib/libbz2.so.0.0
./usr/lib/libc.so.12.58
@ -7,7 +7,7 @@
./usr/lib/libedit.so.2.3
./usr/lib/libg2c.so.0.0
./usr/lib/libgnumalloc.so.0.0
./usr/lib/libipsec.so.1.0
./usr/lib/libipsec.so.2.0
./usr/lib/libkvm.so.5.0
./usr/lib/libm.so.0.1
./usr/lib/libmenu.so.0.1

9
lib/libipsec/Makefile
View File

@ -1,18 +1,19 @@
# $NetBSD: Makefile,v 1.3 2000/01/31 14:15:30 itojun Exp $
# $NetBSD: Makefile,v 1.4 2000/03/13 21:23:55 itojun Exp $
LIB= ipsec
CFLAGS+=-g
CPPFLAGS+=-DIPSEC_DEBUG -DIPSEC -DINET6 -I. -DYY_NO_UNPUT
.PATH: ${.CURDIR}/../../sys/netkey
SRCS= pfkey.c pfkey_dump.c
SRCS+= ipsec_strerror.c policy_parse.y policy_token.l
SRCS+= ipsec_get_policylen.c ipsec_dump_policy.c
SRCS+= key_debug.c
LPREFIX+=__libyy
YPREFIX+=__libyy
YHEADER=1
#.PATH: ${.CURDIR}/../../sys/netkey
#SRCS+= pfkey.c pfkey_dump.c
#SRCS+= key_debug.c
#LFLAGS+= -olex.yy.c
MAN= ipsec_set_policy.3 ipsec_strerror.3

26
lib/libipsec/ipsec_dump_policy.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ipsec_dump_policy.c,v 1.1 2000/02/01 03:08:36 itojun Exp $ */
/* $NetBSD: ipsec_dump_policy.c,v 1.2 2000/03/13 21:23:55 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@ -79,7 +79,7 @@ ipsec_dump_policy(policy, delimiter)
if (policy == NULL)
return NULL;
if (xpl->sadb_x_policy_exttype != SADB_X_EXT_POLICY) {
ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
__ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
return NULL;
}
@ -93,7 +93,7 @@ ipsec_dump_policy(policy, delimiter)
case IPSEC_DIR_OUTBOUND:
break;
default:
ipsec_errcode = EIPSEC_INVAL_DIR;
__ipsec_errcode = EIPSEC_INVAL_DIR;
return NULL;
}
@ -105,7 +105,7 @@ ipsec_dump_policy(policy, delimiter)
case IPSEC_POLICY_ENTRUST:
break;
default:
ipsec_errcode = EIPSEC_INVAL_POLICY;
__ipsec_errcode = EIPSEC_INVAL_POLICY;
return NULL;
}
@ -115,7 +115,7 @@ ipsec_dump_policy(policy, delimiter)
+ 1; /* NUL */
if ((buf = malloc(buflen)) == NULL) {
ipsec_errcode = EIPSEC_NO_BUFS;
__ipsec_errcode = EIPSEC_NO_BUFS;
return NULL;
}
strcpy(buf, ipsp_dir_strs[xpl->sadb_x_policy_dir]);
@ -123,7 +123,7 @@ ipsec_dump_policy(policy, delimiter)
strcat(buf, ipsp_policy_strs[xpl->sadb_x_policy_type]);
if (xpl->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return buf;
}
@ -142,13 +142,13 @@ ipsec_dump_policy(policy, delimiter)
/* validity check */
if (xtlen < 0) {
ipsec_errcode = EIPSEC_INVAL_SADBMSG;
__ipsec_errcode = EIPSEC_INVAL_SADBMSG;
free(buf);
return NULL;
}
if ((buf = realloc(buf, buflen)) == NULL) {
ipsec_errcode = EIPSEC_NO_BUFS;
__ipsec_errcode = EIPSEC_NO_BUFS;
return NULL;
}
@ -169,7 +169,7 @@ ipsec_dump_policy(policy, delimiter)
strcat(buf, "ipcomp");
break;
default:
ipsec_errcode = EIPSEC_INVAL_PROTO;
__ipsec_errcode = EIPSEC_INVAL_PROTO;
free(buf);
return NULL;
}
@ -187,7 +187,7 @@ ipsec_dump_policy(policy, delimiter)
strcat(buf, "tunnel");
break;
default:
ipsec_errcode = EIPSEC_INVAL_MODE;
__ipsec_errcode = EIPSEC_INVAL_MODE;
free(buf);
return NULL;
}
@ -197,7 +197,7 @@ ipsec_dump_policy(policy, delimiter)
if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
error = set_addresses(buf, (caddr_t)(xisr + 1));
if (error) {
ipsec_errcode = EIPSEC_INVAL_MODE;
__ipsec_errcode = EIPSEC_INVAL_MODE;
free(buf);
return NULL;
}
@ -217,7 +217,7 @@ ipsec_dump_policy(policy, delimiter)
strcat(buf, "/unique");
break;
default:
ipsec_errcode = EIPSEC_INVAL_LEVEL;
__ipsec_errcode = EIPSEC_INVAL_LEVEL;
free(buf);
return NULL;
}
@ -239,7 +239,7 @@ ipsec_dump_policy(policy, delimiter)
+ xisr->sadb_x_ipsecrequest_len);
}
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return buf;
}

14
lib/libipsec/ipsec_strerror.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: ipsec_strerror.c,v 1.4 2000/01/31 14:15:31 itojun Exp $ */
/* $NetBSD: ipsec_strerror.c,v 1.5 2000/03/13 21:23:55 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@ -37,7 +37,7 @@
#include "ipsec_strerror.h"
int ipsec_errcode;
int __ipsec_errcode;
static char *ipsec_errlist[] = {
"Success", /*EIPSEC_NO_ERROR*/
@ -72,15 +72,15 @@ NULL, /*EIPSEC_SYSTEM_ERROR*/
char *ipsec_strerror(void)
{
if (ipsec_errcode < 0 || ipsec_errcode > EIPSEC_MAX)
ipsec_errcode = EIPSEC_MAX;
if (__ipsec_errcode < 0 || __ipsec_errcode > EIPSEC_MAX)
__ipsec_errcode = EIPSEC_MAX;
return ipsec_errlist[ipsec_errcode];
return ipsec_errlist[__ipsec_errcode];
}
void ipsec_set_strerror(char *str)
void __ipsec_set_strerror(char *str)
{
ipsec_errcode = EIPSEC_SYSTEM_ERROR;
__ipsec_errcode = EIPSEC_SYSTEM_ERROR;
ipsec_errlist[EIPSEC_SYSTEM_ERROR] = str;
return;

6
lib/libipsec/ipsec_strerror.h
View File

@ -1,4 +1,4 @@
/* $NetBSD: ipsec_strerror.h,v 1.4 2000/01/31 14:15:31 itojun Exp $ */
/* $NetBSD: ipsec_strerror.h,v 1.5 2000/03/13 21:23:56 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@ -29,8 +29,8 @@
* SUCH DAMAGE.
*/
extern int ipsec_errcode;
extern void ipsec_set_strerror __P((char *));
extern int __ipsec_errcode;
extern void __ipsec_set_strerror __P((char *));
#define EIPSEC_NO_ERROR 0 /*success*/
#define EIPSEC_NOT_SUPPORTED 1 /*not supported*/

136
lib/libipsec/pfkey.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: pfkey.c,v 1.8 2000/02/08 13:17:52 itojun Exp $ */
/* $NetBSD: pfkey.c,v 1.9 2000/03/13 21:23:56 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@ -94,7 +94,7 @@ ipsec_check_keylen(supported, alg_id, keylen)
/* validity check */
if (ipsec_supported == NULL) {
ipsec_errcode = EIPSEC_DO_GET_SUPP_LIST;
__ipsec_errcode = EIPSEC_DO_GET_SUPP_LIST;
return -1;
}
switch (supported) {
@ -102,7 +102,7 @@ ipsec_check_keylen(supported, alg_id, keylen)
case SADB_EXT_SUPPORTED_ENCRYPT:
break;
default:
ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
return -1;
}
@ -133,18 +133,18 @@ ipsec_check_keylen(supported, alg_id, keylen)
}
}
ipsec_errcode = EIPSEC_NOT_SUPPORTED;
__ipsec_errcode = EIPSEC_NOT_SUPPORTED;
return -1;
/* NOTREACHED */
found:
if (keylen < alg->sadb_alg_minbits
|| keylen > alg->sadb_alg_maxbits) {
ipsec_errcode = EIPSEC_INVAL_KEYLEN;
__ipsec_errcode = EIPSEC_INVAL_KEYLEN;
return -1;
}
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
@ -161,7 +161,7 @@ u_int
pfkey_set_softrate(type, rate)
u_int type, rate;
{
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
if (rate > 100 || rate == 0)
rate = 100;
@ -181,7 +181,7 @@ pfkey_set_softrate(type, rate)
return 0;
}
ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
return 1;
}
@ -227,15 +227,15 @@ pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq)
/* validity check */
if (src == NULL || dst == NULL) {
ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
return -1;
}
if (src->sa_family != dst->sa_family) {
ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
return -1;
}
if (min > max || (min > 0 && min <= 255)) {
ipsec_errcode = EIPSEC_INVAL_SPI;
__ipsec_errcode = EIPSEC_INVAL_SPI;
return -1;
}
@ -252,7 +252,7 @@ pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq)
}
if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
ipsec_set_strerror(strerror(errno));
__ipsec_set_strerror(strerror(errno));
return -1;
}
@ -293,7 +293,7 @@ pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq)
if (len < 0)
return -1;
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return len;
}
@ -456,7 +456,7 @@ pfkey_recv_register(so)
sup->sadb_supported_len = PFKEY_EXTLEN(sup);
break;
default:
ipsec_errcode = EIPSEC_INVAL_SATYPE;
__ipsec_errcode = EIPSEC_INVAL_SATYPE;
free(newmsg);
return -1;
}
@ -466,7 +466,7 @@ pfkey_recv_register(so)
}
if (tlen < 0) {
ipsec_errcode = EIPSEC_INVAL_SATYPE;
__ipsec_errcode = EIPSEC_INVAL_SATYPE;
return -1;
}
@ -475,7 +475,7 @@ pfkey_recv_register(so)
ipsec_supported = newmsg;
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
@ -564,16 +564,16 @@ pfkey_send_spdadd(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
/* validity check */
if (src == NULL || dst == NULL) {
ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
return -1;
}
if (src->sa_family != dst->sa_family) {
ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
return -1;
}
if (prefs > (_INALENBYAF(src->sa_family) << 3)
|| prefd > (_INALENBYAF(dst->sa_family) << 3)) {
ipsec_errcode = EIPSEC_INVAL_PREFIXLEN;
__ipsec_errcode = EIPSEC_INVAL_PREFIXLEN;
return -1;
}
@ -586,7 +586,7 @@ pfkey_send_spdadd(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
+ policylen;
if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
ipsec_set_strerror(strerror(errno));
__ipsec_set_strerror(strerror(errno));
return -1;
}
@ -612,7 +612,7 @@ pfkey_send_spdadd(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
if (len < 0)
return -1;
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return len;
}
@ -636,16 +636,16 @@ pfkey_send_spddelete(so, src, prefs, dst, prefd, proto, seq)
/* validity check */
if (src == NULL || dst == NULL) {
ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
return -1;
}
if (src->sa_family != dst->sa_family) {
ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
return -1;
}
if (prefs > (_INALENBYAF(src->sa_family) << 3)
|| prefd > (_INALENBYAF(dst->sa_family) << 3)) {
ipsec_errcode = EIPSEC_INVAL_PREFIXLEN;
__ipsec_errcode = EIPSEC_INVAL_PREFIXLEN;
return -1;
}
@ -657,7 +657,7 @@ pfkey_send_spddelete(so, src, prefs, dst, prefd, proto, seq)
+ PFKEY_ALIGN8(_SALENBYAF(src->sa_family));
if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
ipsec_set_strerror(strerror(errno));
__ipsec_set_strerror(strerror(errno));
return -1;
}
@ -682,7 +682,7 @@ pfkey_send_spddelete(so, src, prefs, dst, prefd, proto, seq)
if (len < 0)
return -1;
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return len;
}
@ -742,35 +742,35 @@ pfkey_send_x1(so, type, satype, mode, src, dst, spi, reqid, wsize,
/* validity check */
if (src == NULL || dst == NULL) {
ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
return -1;
}
if (src->sa_family != dst->sa_family) {
ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
return -1;
}
switch (satype) {
case SADB_SATYPE_ESP:
if (e_type == SADB_EALG_NONE) {
ipsec_errcode = EIPSEC_NO_ALGS;
__ipsec_errcode = EIPSEC_NO_ALGS;
return -1;
}
break;
case SADB_SATYPE_AH:
if (e_type != SADB_EALG_NONE) {
ipsec_errcode = EIPSEC_INVAL_ALGS;
__ipsec_errcode = EIPSEC_INVAL_ALGS;
return -1;
}
if (a_type == SADB_AALG_NONE) {
ipsec_errcode = EIPSEC_NO_ALGS;
__ipsec_errcode = EIPSEC_NO_ALGS;
return -1;
}
break;
case SADB_X_SATYPE_IPCOMP:
break;
default:
ipsec_errcode = EIPSEC_INVAL_SATYPE;
__ipsec_errcode = EIPSEC_INVAL_SATYPE;
return -1;
}
@ -790,7 +790,7 @@ pfkey_send_x1(so, type, satype, mode, src, dst, spi, reqid, wsize,
len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(a_keylen));
if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
ipsec_set_strerror(strerror(errno));
__ipsec_set_strerror(strerror(errno));
return -1;
}
@ -828,7 +828,7 @@ pfkey_send_x1(so, type, satype, mode, src, dst, spi, reqid, wsize,
if (len < 0)
return -1;
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return len;
}
@ -846,11 +846,11 @@ pfkey_send_x2(so, type, satype, mode, src, dst, spi)
/* validity check */
if (src == NULL || dst == NULL) {
ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
return -1;
}
if (src->sa_family != dst->sa_family) {
ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
return -1;
}
@ -863,7 +863,7 @@ pfkey_send_x2(so, type, satype, mode, src, dst, spi)
+ PFKEY_ALIGN8(dst->sa_len);
if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
ipsec_set_strerror(strerror(errno));
__ipsec_set_strerror(strerror(errno));
return -1;
}
@ -887,7 +887,7 @@ pfkey_send_x2(so, type, satype, mode, src, dst, spi)
if (len < 0)
return -1;
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return len;
}
@ -907,7 +907,7 @@ pfkey_send_x3(so, type, satype)
switch (type) {
case SADB_X_PROMISC:
if (satype != 0 && satype != 1) {
ipsec_errcode = EIPSEC_INVAL_SATYPE;
__ipsec_errcode = EIPSEC_INVAL_SATYPE;
return -1;
}
break;
@ -919,7 +919,7 @@ pfkey_send_x3(so, type, satype)
case SADB_X_SATYPE_IPCOMP:
break;
default:
ipsec_errcode = EIPSEC_INVAL_SATYPE;
__ipsec_errcode = EIPSEC_INVAL_SATYPE;
return -1;
}
}
@ -928,7 +928,7 @@ pfkey_send_x3(so, type, satype)
len = sizeof(struct sadb_msg);
if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
ipsec_set_strerror(strerror(errno));
__ipsec_set_strerror(strerror(errno));
return -1;
}
@ -941,7 +941,7 @@ pfkey_send_x3(so, type, satype)
if (len < 0)
return -1;
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return len;
}
@ -958,7 +958,7 @@ pfkey_open()
const int bufsiz = 128 * 1024; /*is 128K enough?*/
if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
ipsec_set_strerror(strerror(errno));
__ipsec_set_strerror(strerror(errno));
return -1;
}
@ -969,7 +969,7 @@ pfkey_open()
(void)setsockopt(so, SOL_SOCKET, SO_SNDBUF, &bufsiz, sizeof(bufsiz));
(void)setsockopt(so, SOL_SOCKET, SO_RCVBUF, &bufsiz, sizeof(bufsiz));
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return so;
}
@ -985,7 +985,7 @@ pfkey_close(so)
{
(void)close(so);
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return;
}
@ -1005,37 +1005,37 @@ pfkey_recv(so)
while ((len = recv(so, (caddr_t)&buf, sizeof(buf), MSG_PEEK)) < 0) {
if (errno == EINTR) continue;
ipsec_set_strerror(strerror(errno));
__ipsec_set_strerror(strerror(errno));
return NULL;
}
if (len < sizeof(buf)) {
recv(so, (caddr_t)&buf, sizeof(buf), 0);
ipsec_errcode = EIPSEC_MAX;
__ipsec_errcode = EIPSEC_MAX;
return NULL;
}
/* read real message */
reallen = PFKEY_UNUNIT64(buf.sadb_msg_len);
if ((newmsg = CALLOC(reallen, struct sadb_msg *)) == 0) {
ipsec_set_strerror(strerror(errno));
__ipsec_set_strerror(strerror(errno));
return NULL;
}
while ((len = recv(so, (caddr_t)newmsg, reallen, 0)) < 0) {
if (errno == EINTR) continue;
ipsec_set_strerror(strerror(errno));
__ipsec_set_strerror(strerror(errno));
free(newmsg);
return NULL;
}
if (len != reallen) {
ipsec_errcode = EIPSEC_SYSTEM_ERROR;
__ipsec_errcode = EIPSEC_SYSTEM_ERROR;
free(newmsg);
return NULL;
}
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return newmsg;
}
@ -1052,11 +1052,11 @@ pfkey_send(so, msg, len)
int len;
{
if ((len = send(so, (caddr_t)msg, len, 0)) < 0) {
ipsec_set_strerror(strerror(errno));
__ipsec_set_strerror(strerror(errno));
return -1;
}
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return len;
}
@ -1083,7 +1083,7 @@ pfkey_align(msg, mhp)
/* validity check */
if (msg == NULL || mhp == NULL) {
ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
return -1;
}
@ -1100,7 +1100,7 @@ pfkey_align(msg, mhp)
/* duplicate check */
/* XXX Are there duplication either KEY_AUTH or KEY_ENCRYPT ?*/
if (mhp[ext->sadb_ext_type] != NULL) {
ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
__ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
return -1;
}
@ -1128,7 +1128,7 @@ pfkey_align(msg, mhp)
mhp[ext->sadb_ext_type] = (caddr_t)ext;
break;
default:
ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
__ipsec_errcode = EIPSEC_INVAL_EXTTYPE;
return -1;
}
@ -1137,7 +1137,7 @@ pfkey_align(msg, mhp)
ext = (struct sadb_ext *)((caddr_t)ext + extlen);
}
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
@ -1160,7 +1160,7 @@ pfkey_check(mhp)
/* validity check */
if (mhp == NULL || mhp[0] == NULL) {
ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
return -1;
}
@ -1168,13 +1168,13 @@ pfkey_check(mhp)
/* check version */
if (msg->sadb_msg_version != PF_KEY_V2) {
ipsec_errcode = EIPSEC_INVAL_VERSION;
__ipsec_errcode = EIPSEC_INVAL_VERSION;
return -1;
}
/* check type */
if (msg->sadb_msg_type > SADB_MAX) {
ipsec_errcode = EIPSEC_INVAL_MSGTYPE;
__ipsec_errcode = EIPSEC_INVAL_MSGTYPE;
return -1;
}
@ -1189,7 +1189,7 @@ pfkey_check(mhp)
case SADB_GET:
case SADB_ACQUIRE:
case SADB_EXPIRE:
ipsec_errcode = EIPSEC_INVAL_SATYPE;
__ipsec_errcode = EIPSEC_INVAL_SATYPE;
return -1;
}
break;
@ -1202,7 +1202,7 @@ pfkey_check(mhp)
case SADB_X_SPDGET:
case SADB_X_SPDDUMP:
case SADB_X_SPDFLUSH:
ipsec_errcode = EIPSEC_INVAL_SATYPE;
__ipsec_errcode = EIPSEC_INVAL_SATYPE;
return -1;
}
break;
@ -1210,14 +1210,14 @@ pfkey_check(mhp)
case SADB_SATYPE_OSPFV2:
case SADB_SATYPE_RIPV2:
case SADB_SATYPE_MIP:
ipsec_errcode = EIPSEC_NOT_SUPPORTED;
__ipsec_errcode = EIPSEC_NOT_SUPPORTED;
return -1;
case 1: /* XXX: What does it do ? */
if (msg->sadb_msg_type == SADB_X_PROMISC)
break;
/*FALLTHROUGH*/
default:
ipsec_errcode = EIPSEC_INVAL_SATYPE;
__ipsec_errcode = EIPSEC_INVAL_SATYPE;
return -1;
}
@ -1230,13 +1230,13 @@ pfkey_check(mhp)
dst0 = (struct sadb_address *)(mhp[SADB_EXT_ADDRESS_DST]);
if (src0->sadb_address_proto != dst0->sadb_address_proto) {
ipsec_errcode = EIPSEC_PROTO_MISMATCH;
__ipsec_errcode = EIPSEC_PROTO_MISMATCH;
return -1;
}
if (PFKEY_ADDR_SADDR(src0)->sa_family
!= PFKEY_ADDR_SADDR(dst0)->sa_family) {
ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
return -1;
}
@ -1245,7 +1245,7 @@ pfkey_check(mhp)
case AF_INET6:
break;
default:
ipsec_errcode = EIPSEC_INVAL_FAMILY;
__ipsec_errcode = EIPSEC_INVAL_FAMILY;
return -1;
}
@ -1255,7 +1255,7 @@ pfkey_check(mhp)
*/
}
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}

48
lib/libipsec/policy_parse.y
View File

@ -1,4 +1,4 @@
/* $NetBSD: policy_parse.y,v 1.1 2000/02/01 03:08:37 itojun Exp $ */
/* $NetBSD: policy_parse.y,v 1.2 2000/03/13 21:23:56 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@ -139,11 +139,11 @@ rule
| protocol SLASH mode SLASH SLASH level
| protocol SLASH mode
| protocol SLASH {
ipsec_errcode = EIPSEC_FEW_ARGUMENTS;
__ipsec_errcode = EIPSEC_FEW_ARGUMENTS;
return -1;
}
| protocol {
ipsec_errcode = EIPSEC_FEW_ARGUMENTS;
__ipsec_errcode = EIPSEC_FEW_ARGUMENTS;
return -1;
}
;
@ -181,13 +181,13 @@ addresses
}
| ME HYPHEN ANY {
if (p_dir != IPSEC_DIR_OUTBOUND) {
ipsec_errcode = EIPSEC_INVAL_DIR;
__ipsec_errcode = EIPSEC_INVAL_DIR;
return -1;
}
}
| ANY HYPHEN ME {
if (p_dir != IPSEC_DIR_INBOUND) {
ipsec_errcode = EIPSEC_INVAL_DIR;
__ipsec_errcode = EIPSEC_INVAL_DIR;
return -1;
}
}
@ -225,19 +225,19 @@ parse_sockaddr(buf)
error = getaddrinfo(buf->buf, serv, &hints, &res);
if (error != 0) {
yyerror("invalid IP address");
ipsec_set_strerror(gai_strerror(error));
__ipsec_set_strerror(gai_strerror(error));
return NULL;
}
if (res->ai_addr == NULL) {
yyerror("invalid IP address");
ipsec_set_strerror(gai_strerror(error));
__ipsec_set_strerror(gai_strerror(error));
return NULL;
}
newaddr = malloc(res->ai_addr->sa_len);
if (newaddr == NULL) {
ipsec_errcode = EIPSEC_NO_BUFS;
__ipsec_errcode = EIPSEC_NO_BUFS;
freeaddrinfo(res);
return NULL;
}
@ -245,7 +245,7 @@ parse_sockaddr(buf)
freeaddrinfo(res);
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return newaddr;
}
@ -254,29 +254,29 @@ rule_check()
{
if (p_type == IPSEC_POLICY_IPSEC) {
if (p_protocol == IPPROTO_IP) {
ipsec_errcode = EIPSEC_NO_PROTO;
__ipsec_errcode = EIPSEC_NO_PROTO;
return -1;
}
if (p_mode != IPSEC_MODE_TRANSPORT
&& p_mode != IPSEC_MODE_TUNNEL) {
ipsec_errcode = EIPSEC_INVAL_MODE;
__ipsec_errcode = EIPSEC_INVAL_MODE;
return -1;
}
if (p_src == NULL && p_dst == NULL) {
if (p_mode != IPSEC_MODE_TRANSPORT) {
ipsec_errcode = EIPSEC_INVAL_ADDRESS;
__ipsec_errcode = EIPSEC_INVAL_ADDRESS;
return -1;
}
}
else if (p_src->sa_family != p_dst->sa_family) {
ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
return -1;
}
}
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
@ -289,7 +289,7 @@ init_x_policy()
pbuf = malloc(tlen);
if (pbuf == NULL) {
ipsec_errcode = EIPSEC_NO_BUFS;
__ipsec_errcode = EIPSEC_NO_BUFS;
return -1;
}
p = (struct sadb_x_policy *)pbuf;
@ -300,7 +300,7 @@ init_x_policy()
p->sadb_x_policy_reserved = 0;
offset = tlen;
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
@ -318,7 +318,7 @@ set_x_request(src, dst)
pbuf = realloc(pbuf, tlen);
if (pbuf == NULL) {
ipsec_errcode = EIPSEC_NO_BUFS;
__ipsec_errcode = EIPSEC_NO_BUFS;
return -1;
}
p = (struct sadb_x_ipsecrequest *)&pbuf[offset];
@ -332,7 +332,7 @@ set_x_request(src, dst)
if (set_sockaddr(src) || set_sockaddr(dst))
return -1;
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
@ -341,7 +341,7 @@ set_sockaddr(addr)
struct sockaddr *addr;
{
if (addr == NULL) {
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
@ -351,7 +351,7 @@ set_sockaddr(addr)
offset += addr->sa_len;
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return 0;
}
@ -399,7 +399,7 @@ policy_parse(msg, msglen)
/* update total length */
((struct sadb_x_policy *)pbuf)->sadb_x_policy_len = PFKEY_UNIT64(tlen);
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return pbuf;
}
@ -413,12 +413,12 @@ ipsec_set_policy(msg, msglen)
policy = policy_parse(msg, msglen);
if (policy == NULL) {
if (ipsec_errcode == EIPSEC_NO_ERROR)
ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
if (__ipsec_errcode == EIPSEC_NO_ERROR)
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
return NULL;
}
ipsec_errcode = EIPSEC_NO_ERROR;
__ipsec_errcode = EIPSEC_NO_ERROR;
return policy;
}

10
lib/libipsec/policy_token.l
View File

@ -1,4 +1,4 @@
/* $NetBSD: policy_token.l,v 1.2 2000/02/08 13:17:52 itojun Exp $ */
/* $NetBSD: policy_token.l,v 1.3 2000/03/13 21:23:56 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@ -46,7 +46,11 @@
#include <unistd.h>
#include <errno.h>
#ifndef __NetBSD__
#include "y.tab.h"
#else
#include "policy_parse.h"
#endif
#define yylval __libyylval /* XXX */
int yylex __P((void));
@ -80,9 +84,7 @@ decstring {digit}+
hexpair {hexdigit}{hexdigit}
hexstring 0[xX]{hexdigit}+
octetstring {octet}({dot}{octet})+
ipaddress [a-zA-Z0-9:\._][a-zA-Z0-9:\._]*
name {letter}(({letter}|{digit}|{hyphen})*({letter}|{digit}))*
hostname {name}(({dot}{name})+{dot}?)?
ipaddress [a-zA-Z0-9:\._][a-zA-Z0-9:\._]*(%[a-zA-Z0-9]+)?
%%

4
lib/libipsec/shlib_version
View File

@ -1,5 +1,5 @@
# $NetBSD: shlib_version,v 1.2 2000/01/31 14:15:32 itojun Exp $
# $NetBSD: shlib_version,v 1.3 2000/03/13 21:23:56 itojun Exp $
# Remember to update distrib/sets/lists/base/shl.* when changing
#
major=1
major=2
minor=0