Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

setkey: enable to use the getspi API

Browse Source 
If a specified SPI is not zero, tell the kernel to use the SPI by using
SADB_EXT_SPIRANGE.  Otherwise, the kernel picks a random SPI.

It enables to mimic racoon.
This commit is contained in:
ozaki-r 2019-07-23 04:30:32 +00:00
parent 58b6a74e54
commit 8e5aa2c9b8
2 changed files with 31 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
crypto/dist/ipsec-tools/src/setkey/parse.y vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: parse.y,v 1.22 2018/10/14 08:27:39 maxv Exp $ */
/* $NetBSD: parse.y,v 1.23 2019/07/23 04:30:32 ozaki-r Exp $ */
/* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */
/*
@ -114,7 +114,7 @@ static int setkeymsg_add(unsigned int, unsigned int,
}
%token EOT SLASH BLCL ELCL
%token ADD UPDATE GET DELETE DELETEALL FLUSH DUMP EXIT
%token ADD UPDATE GET GETSPI DELETE DELETEALL FLUSH DUMP EXIT
%token PR_ESP PR_AH PR_IPCOMP PR_ESPUDP PR_TCP
%token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI
%token F_MODE MODE F_REQID
@ -161,6 +161,7 @@ command
: add_command
| update_command
| get_command
| getspi_command
| delete_command
| deleteall_command
| flush_command
@ -260,6 +261,17 @@ get_command
}
;
/* getspi command */
getspi_command
: GETSPI ipaddropts ipandport ipandport protocol_spec spi extension_spec EOT
{
int status;
status = setkeymsg_add(SADB_GETSPI, $5, $3, $4);
if (status < 0)
return -1;
}
/* flush */
flush_command
: FLUSH protocol_spec EOT
@ -1389,6 +1401,21 @@ setkeymsg_add(unsigned int type, unsigned int satype, struct addrinfo *srcs,
}
#endif
/* SPI == 0 allows the kernel to pick a random SPI */
if (type == SADB_GETSPI && p_spi != 0) {
struct sadb_spirange spirange;
u_int slen = sizeof(struct sadb_spirange);
memset(&spirange, 0, sizeof(spirange));
spirange.sadb_spirange_len = PFKEY_UNIT64(slen);
spirange.sadb_spirange_exttype = SADB_EXT_SPIRANGE;
spirange.sadb_spirange_min = p_spi;
spirange.sadb_spirange_max = p_spi;
memcpy(buf + l, &spirange, slen);
l += slen;
}
len = sizeof(struct sadb_sa);
m_sa.sadb_sa_len = PFKEY_UNIT64(len);
m_sa.sadb_sa_exttype = SADB_EXT_SA;

3
crypto/dist/ipsec-tools/src/setkey/token.l vendored
View File

@ -1,4 +1,4 @@
/* $NetBSD: token.l,v 1.22 2018/10/14 08:27:39 maxv Exp $ */
/* $NetBSD: token.l,v 1.23 2019/07/23 04:30:32 ozaki-r Exp $ */
/* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */
/*
@ -119,6 +119,7 @@ update { return(UPDATE); }
delete { return(DELETE); }
deleteall { return(DELETEALL); }
get { return(GET); }
getspi { return(GETSPI); }
flush { return(FLUSH); }
dump { return(DUMP); }
exit { return(EXIT); }