sync with almost-latest KAME IPsec. full changelog would be too big
to mention here. notable changes are as follows. kernel: - make PF_KEY kernel interface more robust against broken input stream. it includes complete internal structure change in sys/netkey/key.c. - remove non-RFC compliant change in PF_KEY API, in particular, in struct sadb_msg. we cannot just change these standard structs. sadb_x_sa2 is introduced instead. - remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h. these functions are not supplied in /usr/lib. setkey(8): - get/delete does not require "-m mode" (ignored with warning, if you specify it) - spddelete takes direction specification
parent
0c0d0ee98e
commit
92e64a4a0d
@ -1,4 +1,5 @@
|
||||
/* $NetBSD: ipsec_dump_policy.c,v 1.2 2000/03/13 21:23:55 itojun Exp $ */
|
||||
/* $NetBSD: ipsec_dump_policy.c,v 1.3 2000/06/12 10:40:52 itojun Exp $ */
|
||||
/* $KAME: ipsec_dump_policy.c,v 1.11 2000/05/07 05:29:47 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
@ -42,13 +43,10 @@
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <netdb.h>
|
||||
|
||||
#include "ipsec_strerror.h"
|
||||
|
||||
#ifdef USE_GETNAMEINFO
|
||||
#undef USE_GETNAMEINFO
|
||||
#endif
|
||||
|
||||
static const char *ipsp_dir_strs[] = {
|
||||
"any", "in", "out",
|
||||
};
|
||||
@ -57,7 +55,11 @@ static const char *ipsp_policy_strs[] = {
|
||||
"discard", "none", "ipsec", "entrust", "bypass",
|
||||
};
|
||||
|
||||
static int set_addresses __P((char *buf, caddr_t ptr));
|
||||
static char *ipsec_dump_ipsecrequest __P((char *, size_t,
|
||||
struct sadb_x_ipsecrequest *, size_t));
|
||||
static int set_addresses __P((char *, size_t, struct sockaddr *,
|
||||
struct sockaddr *));
|
||||
static char *set_address __P((char *, size_t, struct sockaddr *));
|
||||
|
||||
/*
|
||||
* policy is sadb_x_policy buffer.
|
||||
@ -71,9 +73,10 @@ ipsec_dump_policy(policy, delimiter)
|
||||
{
|
||||
struct sadb_x_policy *xpl = (struct sadb_x_policy *)policy;
|
||||
struct sadb_x_ipsecrequest *xisr;
|
||||
int xtlen, buflen;
|
||||
size_t off, buflen;
|
||||
char *buf;
|
||||
int error;
|
||||
char isrbuf[1024];
|
||||
char *newbuf;
|
||||
|
||||
/* sanity check */
|
||||
if (policy == NULL)
|
||||
@ -118,159 +121,187 @@ ipsec_dump_policy(policy, delimiter)
|
||||
__ipsec_errcode = EIPSEC_NO_BUFS;
|
||||
return NULL;
|
||||
}
|
||||
strcpy(buf, ipsp_dir_strs[xpl->sadb_x_policy_dir]);
|
||||
strcat(buf, " ");
|
||||
strcat(buf, ipsp_policy_strs[xpl->sadb_x_policy_type]);
|
||||
snprintf(buf, buflen, "%s %s", ipsp_dir_strs[xpl->sadb_x_policy_dir],
|
||||
ipsp_policy_strs[xpl->sadb_x_policy_type]);
|
||||
|
||||
if (xpl->sadb_x_policy_type != IPSEC_POLICY_IPSEC) {
|
||||
__ipsec_errcode = EIPSEC_NO_ERROR;
|
||||
return buf;
|
||||
}
|
||||
|
||||
xtlen = PFKEY_EXTLEN(xpl) - sizeof(*xpl);
|
||||
xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);
|
||||
|
||||
/* count length of buffer for use */
|
||||
/* XXX non-seriously */
|
||||
while (xtlen > 0) {
|
||||
/* protocol/mode/addresses/level */
|
||||
buflen += (10 + 10 + 82 + 20);
|
||||
xtlen -= xisr->sadb_x_ipsecrequest_len;
|
||||
xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
|
||||
+ xisr->sadb_x_ipsecrequest_len);
|
||||
off = sizeof(*xpl);
|
||||
while (off < PFKEY_EXTLEN(xpl)) {
|
||||
xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xpl + off);
|
||||
off += xisr->sadb_x_ipsecrequest_len;
|
||||
}
|
||||
|
||||
/* validity check */
|
||||
if (xtlen < 0) {
|
||||
if (off != PFKEY_EXTLEN(xpl)) {
|
||||
__ipsec_errcode = EIPSEC_INVAL_SADBMSG;
|
||||
free(buf);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if ((buf = realloc(buf, buflen)) == NULL) {
|
||||
__ipsec_errcode = EIPSEC_NO_BUFS;
|
||||
return NULL;
|
||||
}
|
||||
off = sizeof(*xpl);
|
||||
while (off < PFKEY_EXTLEN(xpl)) {
|
||||
xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xpl + off);
|
||||
|
||||
xtlen = PFKEY_EXTLEN(xpl) - sizeof(*xpl);
|
||||
xisr = (struct sadb_x_ipsecrequest *)(xpl + 1);
|
||||
|
||||
while (xtlen > 0) {
|
||||
strcat(buf, delimiter);
|
||||
|
||||
switch (xisr->sadb_x_ipsecrequest_proto) {
|
||||
case IPPROTO_ESP:
|
||||
strcat(buf, "esp");
|
||||
break;
|
||||
case IPPROTO_AH:
|
||||
strcat(buf, "ah");
|
||||
break;
|
||||
case IPPROTO_IPCOMP:
|
||||
strcat(buf, "ipcomp");
|
||||
break;
|
||||
default:
|
||||
__ipsec_errcode = EIPSEC_INVAL_PROTO;
|
||||
if (ipsec_dump_ipsecrequest(isrbuf, sizeof(isrbuf), xisr,
|
||||
PFKEY_EXTLEN(xpl) - off) == NULL) {
|
||||
free(buf);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
strcat(buf, "/");
|
||||
|
||||
switch (xisr->sadb_x_ipsecrequest_mode) {
|
||||
case IPSEC_MODE_ANY:
|
||||
strcat(buf, "any");
|
||||
break;
|
||||
case IPSEC_MODE_TRANSPORT:
|
||||
strcat(buf, "transport");
|
||||
break;
|
||||
case IPSEC_MODE_TUNNEL:
|
||||
strcat(buf, "tunnel");
|
||||
break;
|
||||
default:
|
||||
__ipsec_errcode = EIPSEC_INVAL_MODE;
|
||||
buflen = strlen(buf) + strlen(delimiter) + strlen(isrbuf) + 1;
|
||||
newbuf = (char *)realloc(buf, buflen);
|
||||
if (newbuf == NULL) {
|
||||
__ipsec_errcode = EIPSEC_NO_BUFS;
|
||||
free(buf);
|
||||
return NULL;
|
||||
}
|
||||
buf = newbuf;
|
||||
snprintf(buf, buflen, "%s%s%s", buf, delimiter, isrbuf);
|
||||
|
||||
strcat(buf, "/");
|
||||
|
||||
if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
|
||||
error = set_addresses(buf, (caddr_t)(xisr + 1));
|
||||
if (error) {
|
||||
__ipsec_errcode = EIPSEC_INVAL_MODE;
|
||||
free(buf);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
switch (xisr->sadb_x_ipsecrequest_level) {
|
||||
case IPSEC_LEVEL_DEFAULT:
|
||||
strcat(buf, "/default");
|
||||
break;
|
||||
case IPSEC_LEVEL_USE:
|
||||
strcat(buf, "/use");
|
||||
break;
|
||||
case IPSEC_LEVEL_REQUIRE:
|
||||
strcat(buf, "/require");
|
||||
break;
|
||||
case IPSEC_LEVEL_UNIQUE:
|
||||
strcat(buf, "/unique");
|
||||
break;
|
||||
default:
|
||||
__ipsec_errcode = EIPSEC_INVAL_LEVEL;
|
||||
free(buf);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (xisr->sadb_x_ipsecrequest_reqid != 0) {
|
||||
char id[16];
|
||||
if (xisr->sadb_x_ipsecrequest_reqid
|
||||
> IPSEC_MANUAL_REQID_MAX)
|
||||
strcat(buf, "#");
|
||||
else
|
||||
strcat(buf, ":");
|
||||
snprintf(id, sizeof(id), "%d",
|
||||
xisr->sadb_x_ipsecrequest_reqid);
|
||||
strcat(buf, id);
|
||||
}
|
||||
|
||||
xtlen -= xisr->sadb_x_ipsecrequest_len;
|
||||
xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xisr
|
||||
+ xisr->sadb_x_ipsecrequest_len);
|
||||
off += xisr->sadb_x_ipsecrequest_len;
|
||||
}
|
||||
|
||||
__ipsec_errcode = EIPSEC_NO_ERROR;
|
||||
return buf;
|
||||
}
|
||||
|
||||
static int
|
||||
set_addresses(buf, ptr)
|
||||
static char *
|
||||
ipsec_dump_ipsecrequest(buf, len, xisr, bound)
|
||||
char *buf;
|
||||
caddr_t ptr;
|
||||
size_t len;
|
||||
struct sadb_x_ipsecrequest *xisr;
|
||||
size_t bound; /* boundary */
|
||||
{
|
||||
char tmp[100]; /* XXX */
|
||||
struct sockaddr *saddr = (struct sockaddr *)ptr;
|
||||
const char *proto, *mode, *level;
|
||||
char abuf[NI_MAXHOST * 2 + 2];
|
||||
|
||||
#ifdef USE_GETNAMEINFO
|
||||
getnameinfo(saddr, saddr->sa_len, tmp, sizeof(tmp),
|
||||
NULL, 0, NI_NUMERICHOST);
|
||||
#else
|
||||
inet_ntop(saddr->sa_family, _INADDRBYSA(saddr),
|
||||
tmp, sizeof(tmp));
|
||||
#endif
|
||||
strcat(buf, tmp);
|
||||
if (xisr->sadb_x_ipsecrequest_len > bound) {
|
||||
__ipsec_errcode = EIPSEC_INVAL_PROTO;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
strcat(buf, "-");
|
||||
switch (xisr->sadb_x_ipsecrequest_proto) {
|
||||
case IPPROTO_ESP:
|
||||
proto = "esp";
|
||||
break;
|
||||
case IPPROTO_AH:
|
||||
proto = "ah";
|
||||
break;
|
||||
case IPPROTO_IPCOMP:
|
||||
proto = "ipcomp";
|
||||
break;
|
||||
default:
|
||||
__ipsec_errcode = EIPSEC_INVAL_PROTO;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
saddr = (struct sockaddr *)((caddr_t)saddr + saddr->sa_len);
|
||||
#ifdef USE_GETNAMEINFO
|
||||
getnameinfo(saddr, saddr->sa_len, tmp, sizeof(tmp),
|
||||
NULL, 0, NI_NUMERICHOST);
|
||||
#else
|
||||
inet_ntop(saddr->sa_family, _INADDRBYSA(saddr),
|
||||
tmp, sizeof(tmp));
|
||||
#endif
|
||||
strcat(buf, tmp);
|
||||
switch (xisr->sadb_x_ipsecrequest_mode) {
|
||||
case IPSEC_MODE_ANY:
|
||||
mode = "any";
|
||||
break;
|
||||
case IPSEC_MODE_TRANSPORT:
|
||||
mode = "transport";
|
||||
break;
|
||||
case IPSEC_MODE_TUNNEL:
|
||||
mode = "tunnel";
|
||||
break;
|
||||
default:
|
||||
__ipsec_errcode = EIPSEC_INVAL_MODE;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
abuf[0] = '\0';
|
||||
if (xisr->sadb_x_ipsecrequest_len > sizeof(*xisr)) {
|
||||
struct sockaddr *sa1, *sa2;
|
||||
caddr_t p;
|
||||
|
||||
p = (caddr_t)(xisr + 1);
|
||||
sa1 = (struct sockaddr *)p;
|
||||
sa2 = (struct sockaddr *)(p + sa1->sa_len);
|
||||
if (sizeof(*xisr) + sa1->sa_len + sa2->sa_len !=
|
||||
xisr->sadb_x_ipsecrequest_len) {
|
||||
__ipsec_errcode = EIPSEC_INVAL_ADDRESS;
|
||||
return NULL;
|
||||
}
|
||||
if (set_addresses(abuf, sizeof(abuf), sa1, sa2) != 0) {
|
||||
__ipsec_errcode = EIPSEC_INVAL_ADDRESS;
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
switch (xisr->sadb_x_ipsecrequest_level) {
|
||||
case IPSEC_LEVEL_DEFAULT:
|
||||
level = "default";
|
||||
break;
|
||||
case IPSEC_LEVEL_USE:
|
||||
level = "use";
|
||||
break;
|
||||
case IPSEC_LEVEL_REQUIRE:
|
||||
level = "require";
|
||||
break;
|
||||
case IPSEC_LEVEL_UNIQUE:
|
||||
level = "unique";
|
||||
break;
|
||||
default:
|
||||
__ipsec_errcode = EIPSEC_INVAL_LEVEL;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (xisr->sadb_x_ipsecrequest_reqid == 0)
|
||||
snprintf(buf, len, "%s/%s/%s/%s", proto, mode, abuf, level);
|
||||
else {
|
||||
int ch;
|
||||
|
||||
if (xisr->sadb_x_ipsecrequest_reqid > IPSEC_MANUAL_REQID_MAX)
|
||||
ch = '#';
|
||||
else
|
||||
ch = ':';
|
||||
snprintf(buf, len, "%s/%s/%s/%s%c%d", proto, mode, abuf, level,
|
||||
ch, xisr->sadb_x_ipsecrequest_reqid);
|
||||
}
|
||||
|
||||
return buf;
|
||||
}
|
||||
|
||||
static int
|
||||
set_addresses(buf, len, sa1, sa2)
|
||||
char *buf;
|
||||
size_t len;
|
||||
struct sockaddr *sa1;
|
||||
struct sockaddr *sa2;
|
||||
{
|
||||
char tmp1[NI_MAXHOST], tmp2[NI_MAXHOST];
|
||||
|
||||
if (set_address(tmp1, sizeof(tmp1), sa1) == NULL ||
|
||||
set_address(tmp2, sizeof(tmp2), sa2) == NULL)
|
||||
return -1;
|
||||
if (strlen(tmp1) + 1 + strlen(tmp2) + 1 > len)
|
||||
return -1;
|
||||
snprintf(buf, len, "%s-%s", tmp1, tmp2);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static char *
|
||||
set_address(buf, len, sa)
|
||||
char *buf;
|
||||
size_t len;
|
||||
struct sockaddr *sa;
|
||||
{
|
||||
#ifdef NI_WITHSCOPEID
|
||||
const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID;
|
||||
#else
|
||||
const int niflags = NI_NUMERICHOST;
|
||||
#endif
|
||||
|
||||
if (len < 1)
|
||||
return NULL;
|
||||
buf[0] = '\0';
|
||||
if (getnameinfo(sa, sa->sa_len, buf, len, NULL, 0, niflags) != 0)
|
||||
return NULL;
|
||||
return buf;
|
||||
}
|
||||
|
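Review bot: `snprintf(buf, buflen, "%s%s%s", buf, delimiter, isrbuf);` in the second request loop passes buf both as the destination and as a %s source, and the C standard leaves snprintf undefined when the output overlaps an argument, so the intended "append delimiter and request" is not guaranteed. Since buflen is computed exactly from the three lengths on the line above, append in place instead: `strcat(buf, delimiter); strcat(buf, isrbuf);`. Separately, both while loops advance `off` only by `xisr->sadb_x_ipsecrequest_len`, so a request header carrying a zero length never terminates the first loop, and that length field is read before the loop has confirmed the header itself fits in the remaining extension; the rewrite below makes both cases fall through to the existing `off != PFKEY_EXTLEN(xpl)` rejection. In ipsec_dump_ipsecrequest, `sa2->sa_len` is read before the sum is compared with the request length, so a bogus `sa1->sa_len` moves that read outside the request; checking `sizeof(*xisr) + sa1->sa_len` against `xisr->sadb_x_ipsecrequest_len` before computing sa2 would close that. ipsec_dump_policy's body begins before this hunk.
```c
	/* count length of buffer for use */
	off = sizeof(*xpl);
	while (off < PFKEY_EXTLEN(xpl)) {
		/* the header must fit before its length field can be trusted */
		if (off + sizeof(*xisr) > PFKEY_EXTLEN(xpl))
			break;
		xisr = (struct sadb_x_ipsecrequest *)((caddr_t)xpl + off);
		/* a length below the header size (including 0) would never advance off */
		if (xisr->sadb_x_ipsecrequest_len < sizeof(*xisr))
			break;
		off += xisr->sadb_x_ipsecrequest_len;
	}
	/* … unchanged: off != PFKEY_EXTLEN(xpl) validity check and the dump loop … */
```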
@ -1,4 +1,5 @@
|
||||
/* $NetBSD: ipsec_get_policylen.c,v 1.2 2000/02/08 13:17:51 itojun Exp $ */
|
||||
/* $NetBSD: ipsec_get_policylen.c,v 1.3 2000/06/12 10:40:52 itojun Exp $ */
|
||||
/* $KAME: ipsec_get_policylen.c,v 1.5 2000/05/07 05:25:03 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
|
@ -1,4 +1,7 @@
|
||||
.\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
.\" $NetBSD: ipsec_set_policy.3,v 1.7 2000/06/12 10:40:52 itojun Exp $
|
||||
.\" $KAME: ipsec_set_policy.3,v 1.10 2000/05/07 05:25:03 itojun Exp $
|
||||
.\"
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
@ -25,13 +28,9 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $NetBSD: ipsec_set_policy.3,v 1.6 2000/01/31 14:15:31 itojun Exp $
|
||||
.\" KAME Id: ipsec_set_policy.3,v 1.8 2000/01/27 17:59:12 itojun Exp
|
||||
.\"
|
||||
.Dd May 5, 1998
|
||||
.Dt IPSEC_SET_POLICY 3
|
||||
.Os
|
||||
.\"
|
||||
.Sh NAME
|
||||
.Nm ipsec_set_policy ,
|
||||
.Nm ipsec_get_policylen ,
|
||||
@ -40,7 +39,6 @@
|
||||
.\"
|
||||
.Sh LIBRARY
|
||||
.Lb libipsec
|
||||
.\"
|
||||
.Sh SYNOPSIS
|
||||
.Fd #include <netinet6/ipsec.h>
|
||||
.Ft "char *"
|
||||
@ -49,7 +47,6 @@
|
||||
.Fn ipsec_get_policylen "char *buf"
|
||||
.Ft "char *"
|
||||
.Fn ipsec_dump_policy "char *buf" "char *delim"
|
||||
.\"
|
||||
.Sh DESCRIPTION
|
||||
.Fn ipsec_set_policy
|
||||
generates IPsec policy specification structure, namely
|
||||
@ -92,7 +89,6 @@ returns pointer to dynamically allocated string.
|
||||
It is caller's responsibility to reclaim the region, by using
|
||||
.Xr free 3 .
|
||||
.Pp
|
||||
.\"
|
||||
.Fa policy
|
||||
is formatted as either of the following:
|
||||
.Bl -tag -width "discard"
|
||||
@ -110,9 +106,7 @@ means to consult to SPD defined by
|
||||
.It Ar direction Li bypass
|
||||
.Li bypass
|
||||
means to be bypassed the IPsec processing.
|
||||
.Po
|
||||
packet will be transmitted in clear
|
||||
.Pc .
|
||||
.Pq packet will be transmitted in clear .
|
||||
This is for privileged socket.
|
||||
.It Xo
|
||||
.Ar direction
|
||||
@ -243,7 +237,6 @@ out ipsec esp/transport/10.1.1.2-10.1.1.1/use
|
||||
in ipsec ipcomp/transport/10.1.1.2-10.1.1.1/use
|
||||
esp/transport/10.1.1.2-10.1.1.1/use
|
||||
.Ed
|
||||
.\"
|
||||
.Sh RETURN VALUES
|
||||
.Fn ipsec_set_policy
|
||||
returns a pointer to the allocated buffer of policy specification if successful; otherwise a NULL pointer is returned.
|
||||
@ -256,14 +249,9 @@ returns a pointer to dynamically allocated region on success,
|
||||
and
|
||||
.Dv NULL
|
||||
on errors.
|
||||
.\"
|
||||
.Sh SEE ALSO
|
||||
.Xr ipsec_strerror 3 ,
|
||||
.Xr ispec 4 ,
|
||||
.Xr setkey 8
|
||||
.\"
|
||||
.Sh HISTORY
|
||||
The functions first appeared in WIDE/KAME IPv6 protocol stack kit.
|
||||
.\"
|
||||
.\" .Sh BUGS
|
||||
.\" (to be written)
|
||||
|
@ -1,4 +1,7 @@
|
||||
.\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
.\" $NetBSD: ipsec_strerror.3,v 1.7 2000/06/12 10:40:52 itojun Exp $
|
||||
.\" $KAME: ipsec_strerror.3,v 1.6 2000/05/07 05:25:03 itojun Exp $
|
||||
.\"
|
||||
.\" All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
@ -25,9 +28,6 @@
|
||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $NetBSD: ipsec_strerror.3,v 1.6 2000/01/31 14:15:31 itojun Exp $
|
||||
.\" KAME Id: ipsec_strerror.3,v 1.4 2000/01/27 17:59:13 itojun Exp
|
||||
.\"
|
||||
.Dd May 6, 1998
|
||||
.Dt IPSEC_STRERROR 3
|
||||
.Os
|
||||
@ -73,7 +73,8 @@ invalid, or overwritten.
|
||||
always return a pointer to C string.
|
||||
The C string must not be overwritten by user programs.
|
||||
.\"
|
||||
.\" .Sh SEE ALSO
|
||||
.Sh SEE ALSO
|
||||
.Xr ipsec_set_policy 3
|
||||
.\"
|
||||
.Sh HISTORY
|
||||
The functions first appeared in WIDE/KAME IPv6 protocol stack kit.
|
||||
|
@ -1,4 +1,5 @@
|
||||
/* $NetBSD: ipsec_strerror.c,v 1.5 2000/03/13 21:23:55 itojun Exp $ */
|
||||
/* $NetBSD: ipsec_strerror.c,v 1.6 2000/06/12 10:40:52 itojun Exp $ */
|
||||
/* $KAME: ipsec_strerror.c,v 1.6 2000/05/07 05:25:03 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
|
@ -1,4 +1,5 @@
|
||||
/* $NetBSD: ipsec_strerror.h,v 1.5 2000/03/13 21:23:56 itojun Exp $ */
|
||||
/* $NetBSD: ipsec_strerror.h,v 1.6 2000/06/12 10:40:52 itojun Exp $ */
|
||||
/* $KAME: ipsec_strerror.h,v 1.7 2000/05/07 05:25:03 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
|
77
lib/libipsec/libpfkey.h
Normal file
77
lib/libipsec/libpfkey.h
Normal file
@ -0,0 +1,77 @@
|
||||
/* $NetBSD: libpfkey.h,v 1.1 2000/06/12 10:40:52 itojun Exp $ */
|
||||
/* $KAME: libpfkey.h,v 1.1 2000/06/08 21:28:32 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. Neither the name of the project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
extern void pfkey_sadump __P((struct sadb_msg *));
|
||||
extern void pfkey_spdump __P((struct sadb_msg *));
|
||||
|
||||
struct sockaddr;
|
||||
int ipsec_check_keylen __P((u_int, u_int, u_int));
|
||||
u_int pfkey_set_softrate __P((u_int, u_int));
|
||||
u_int pfkey_get_softrate __P((u_int));
|
||||
int pfkey_send_getspi __P((int, u_int, u_int, struct sockaddr *,
|
||||
struct sockaddr *, u_int32_t, u_int32_t, u_int32_t, u_int32_t));
|
||||
int pfkey_send_update __P((int, u_int, u_int, struct sockaddr *,
|
||||
struct sockaddr *, u_int32_t, u_int32_t, u_int,
|
||||
caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
|
||||
u_int64_t, u_int64_t, u_int32_t));
|
||||
int pfkey_send_add __P((int, u_int, u_int, struct sockaddr *,
|
||||
struct sockaddr *, u_int32_t, u_int32_t, u_int,
|
||||
caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
|
||||
u_int64_t, u_int64_t, u_int32_t));
|
||||
int pfkey_send_delete __P((int, u_int, u_int,
|
||||
struct sockaddr *, struct sockaddr *, u_int32_t));
|
||||
int pfkey_send_get __P((int, u_int, u_int,
|
||||
struct sockaddr *, struct sockaddr *, u_int32_t));
|
||||
int pfkey_send_register __P((int, u_int));
|
||||
int pfkey_recv_register __P((int));
|
||||
int pfkey_send_flush __P((int, u_int));
|
||||
int pfkey_send_dump __P((int, u_int));
|
||||
int pfkey_send_promisc_toggle __P((int, int));
|
||||
int pfkey_send_spdadd __P((int, struct sockaddr *, u_int,
|
||||
struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
|
||||
int pfkey_send_spdupdate __P((int, struct sockaddr *, u_int,
|
||||
struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
|
||||
int pfkey_send_spddelete __P((int, struct sockaddr *, u_int,
|
||||
struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
|
||||
int pfkey_send_spddelete2 __P((int, u_int32_t));
|
||||
int pfkey_send_spdget __P((int, u_int32_t));
|
||||
int pfkey_send_spdsetidx __P((int, struct sockaddr *, u_int,
|
||||
struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
|
||||
int pfkey_send_spdflush __P((int));
|
||||
int pfkey_send_spddump __P((int));
|
||||
|
||||
int pfkey_open __P((void));
|
||||
void pfkey_close __P((int));
|
||||
struct sadb_msg *pfkey_recv __P((int));
|
||||
int pfkey_send __P((int, struct sadb_msg *, int));
|
||||
int pfkey_align __P((struct sadb_msg *, caddr_t *));
|
||||
int pfkey_check __P((caddr_t *));
|
@ -1,4 +1,5 @@
|
||||
/* $NetBSD: pfkey.c,v 1.9 2000/03/13 21:23:56 itojun Exp $ */
|
||||
/* $NetBSD: pfkey.c,v 1.10 2000/06/12 10:40:52 itojun Exp $ */
|
||||
/* $KAME: pfkey.c,v 1.31 2000/06/10 14:17:43 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
@ -43,32 +44,31 @@
|
||||
#include <errno.h>
|
||||
|
||||
#include "ipsec_strerror.h"
|
||||
#include "libpfkey.h"
|
||||
|
||||
#define CALLOC(size, cast) (cast)calloc(1, (size))
|
||||
|
||||
static int pfkey_send_x1 __P((int so, u_int type, u_int satype, u_int mode,
|
||||
struct sockaddr *src, struct sockaddr *dst, u_int32_t spi,
|
||||
u_int32_t reqid, u_int wsize,
|
||||
caddr_t keymat,
|
||||
u_int e_type, u_int e_keylen, u_int a_type, u_int a_keylen,
|
||||
u_int flags,
|
||||
u_int32_t l_alloc, u_int32_t l_bytes,
|
||||
u_int32_t l_addtime, u_int32_t l_usetime, u_int32_t seq));
|
||||
static int pfkey_send_x2 __P((int so, u_int type, u_int satype, u_int mode,
|
||||
struct sockaddr *src, struct sockaddr *dst, u_int32_t spi));
|
||||
static int pfkey_send_x3 __P((int so, u_int type, u_int satype));
|
||||
static int pfkey_send_x1 __P((int, u_int, u_int, u_int, struct sockaddr *,
|
||||
struct sockaddr *, u_int32_t, u_int32_t, u_int, caddr_t,
|
||||
u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int32_t,
|
||||
u_int32_t, u_int32_t, u_int32_t));
|
||||
static int pfkey_send_x2 __P((int, u_int, u_int, u_int,
|
||||
struct sockaddr *, struct sockaddr *, u_int32_t));
|
||||
static int pfkey_send_x3 __P((int, u_int, u_int));
|
||||
static int pfkey_send_x4 __P((int, u_int, struct sockaddr *, u_int,
|
||||
struct sockaddr *, u_int, u_int, char *, int, u_int32_t));
|
||||
static int pfkey_send_x5 __P((int, u_int, u_int32_t));
|
||||
|
||||
static caddr_t pfkey_setsadbmsg __P((caddr_t buf, u_int type, u_int tlen,
|
||||
u_int satype, u_int mode, u_int32_t reqid, u_int32_t seq, pid_t pid));
|
||||
static caddr_t pfkey_setsadbsa __P((caddr_t buf, u_int32_t spi, u_int wsize,
|
||||
u_int auth, u_int enc, u_int32_t flags));
|
||||
static caddr_t pfkey_setsadbaddr __P((caddr_t buf, u_int exttype,
|
||||
struct sockaddr *saddr, u_int prefixlen, u_int ul_proto));
|
||||
static caddr_t pfkey_setsadbkey(caddr_t buf, u_int type,
|
||||
caddr_t key, u_int keylen);
|
||||
static caddr_t pfkey_setsadblifetime(caddr_t buf, u_int type,
|
||||
u_int32_t l_alloc, u_int32_t l_bytes,
|
||||
u_int32_t l_addtime, u_int32_t l_usetime);
|
||||
static caddr_t pfkey_setsadbmsg __P((caddr_t, u_int, u_int,
|
||||
u_int, u_int32_t, pid_t));
|
||||
static caddr_t pfkey_setsadbsa __P((caddr_t, u_int32_t, u_int,
|
||||
u_int, u_int, u_int32_t));
|
||||
static caddr_t pfkey_setsadbaddr __P((caddr_t, u_int,
|
||||
struct sockaddr *, u_int, u_int));
|
||||
static caddr_t pfkey_setsadbkey __P((caddr_t, u_int, caddr_t, u_int));
|
||||
static caddr_t pfkey_setsadblifetime __P((caddr_t, u_int, u_int32_t, u_int32_t,
|
||||
u_int32_t, u_int32_t));
|
||||
static caddr_t pfkey_setsadbxsa2 __P((caddr_t, u_int32_t, u_int32_t));
|
||||
|
||||
/*
|
||||
* check key length against algorithm specified.
|
||||
@ -224,6 +224,7 @@ pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq)
|
||||
int len;
|
||||
int need_spirange = 0;
|
||||
caddr_t p;
|
||||
int plen;
|
||||
|
||||
/* validity check */
|
||||
if (src == NULL || dst == NULL) {
|
||||
@ -238,9 +239,21 @@ pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq)
|
||||
__ipsec_errcode = EIPSEC_INVAL_SPI;
|
||||
return -1;
|
||||
}
|
||||
switch (src->sa_family) {
|
||||
case AF_INET:
|
||||
plen = sizeof(struct in_addr) << 3;
|
||||
break;
|
||||
case AF_INET6:
|
||||
plen = sizeof(struct in6_addr) << 3;
|
||||
break;
|
||||
default:
|
||||
__ipsec_errcode = EIPSEC_INVAL_FAMILY;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* create new sadb_msg to send. */
|
||||
len = sizeof(struct sadb_msg)
|
||||
+ sizeof(struct sadb_x_sa2)
|
||||
+ sizeof(struct sadb_address)
|
||||
+ PFKEY_ALIGN8(src->sa_len)
|
||||
+ sizeof(struct sadb_address)
|
||||
@ -257,21 +270,17 @@ pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq)
|
||||
}
|
||||
|
||||
p = pfkey_setsadbmsg((caddr_t)newmsg, SADB_GETSPI,
|
||||
len, satype, mode, reqid, seq, getpid());
|
||||
len, satype, seq, getpid());
|
||||
|
||||
p = pfkey_setsadbxsa2(p, mode, reqid);
|
||||
|
||||
/* set sadb_address for source */
|
||||
p = pfkey_setsadbaddr(p,
|
||||
SADB_EXT_ADDRESS_SRC,
|
||||
src,
|
||||
_INALENBYAF(src->sa_family) << 3,
|
||||
IPSEC_ULPROTO_ANY);
|
||||
p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_SRC, src, plen,
|
||||
IPSEC_ULPROTO_ANY);
|
||||
|
||||
/* set sadb_address for destination */
|
||||
p = pfkey_setsadbaddr(p,
|
||||
SADB_EXT_ADDRESS_DST,
|
||||
dst,
|
||||
_INALENBYAF(dst->sa_family) << 3,
|
||||
IPSEC_ULPROTO_ANY);
|
||||
p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_DST, dst, plen,
|
||||
IPSEC_ULPROTO_ANY);
|
||||
|
||||
/* proccessing spi range */
|
||||
if (need_spirange) {
|
||||
@ -544,7 +553,6 @@ pfkey_send_promisc_toggle(so, flag)
|
||||
|
||||
/*
|
||||
* sending SADB_X_SPDADD message to the kernel.
|
||||
* The length of key material is a_keylen + e_keylen.
|
||||
* OUT:
|
||||
* positive: success and return length sent.
|
||||
* -1 : error occured, and set errno.
|
||||
@ -554,135 +562,140 @@ pfkey_send_spdadd(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
|
||||
int so;
|
||||
struct sockaddr *src, *dst;
|
||||
u_int prefs, prefd, proto;
|
||||
char *policy;
|
||||
caddr_t policy;
|
||||
int policylen;
|
||||
u_int32_t seq;
|
||||
{
|
||||
struct sadb_msg *newmsg;
|
||||
int len;
|
||||
caddr_t p;
|
||||
|
||||
/* validity check */
|
||||
if (src == NULL || dst == NULL) {
|
||||
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
|
||||
return -1;
|
||||
}
|
||||
if (src->sa_family != dst->sa_family) {
|
||||
__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
|
||||
return -1;
|
||||
}
|
||||
if (prefs > (_INALENBYAF(src->sa_family) << 3)
|
||||
|| prefd > (_INALENBYAF(dst->sa_family) << 3)) {
|
||||
__ipsec_errcode = EIPSEC_INVAL_PREFIXLEN;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* create new sadb_msg to reply. */
|
||||
len = sizeof(struct sadb_msg)
|
||||
+ sizeof(struct sadb_address)
|
||||
+ PFKEY_ALIGN8(_SALENBYAF(src->sa_family))
|
||||
+ sizeof(struct sadb_address)
|
||||
+ PFKEY_ALIGN8(_SALENBYAF(src->sa_family))
|
||||
+ policylen;
|
||||
|
||||
if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
|
||||
__ipsec_set_strerror(strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
p = pfkey_setsadbmsg((caddr_t)newmsg, SADB_X_SPDADD, len,
|
||||
SADB_SATYPE_UNSPEC, IPSEC_MODE_ANY, 0,
|
||||
seq, getpid());
|
||||
p = pfkey_setsadbaddr(p,
|
||||
SADB_EXT_ADDRESS_SRC,
|
||||
src,
|
||||
prefs,
|
||||
proto);
|
||||
p = pfkey_setsadbaddr(p,
|
||||
SADB_EXT_ADDRESS_DST,
|
||||
dst,
|
||||
prefd,
|
||||
proto);
|
||||
memcpy(p, policy, policylen);
|
||||
|
||||
/* send message */
|
||||
len = pfkey_send(so, newmsg, len);
|
||||
free(newmsg);
|
||||
|
||||
if (len < 0)
|
||||
if ((len = pfkey_send_x4(so, SADB_X_SPDADD,
|
||||
src, prefs, dst, prefd, proto,
|
||||
policy, policylen, seq)) < 0)
|
||||
return -1;
|
||||
|
||||
__ipsec_errcode = EIPSEC_NO_ERROR;
|
||||
return len;
|
||||
}
|
||||
|
||||
/*
|
||||
* sending SADB_X_SPDDELETE message to the kernel.
|
||||
* The length of key material is a_keylen + e_keylen.
|
||||
* sending SADB_X_SPDUPDATE message to the kernel.
|
||||
* OUT:
|
||||
* positive: success and return length sent.
|
||||
* -1 : error occured, and set errno.
|
||||
*/
|
||||
int
|
||||
pfkey_send_spddelete(so, src, prefs, dst, prefd, proto, seq)
|
||||
pfkey_send_spdupdate(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
|
||||
int so;
|
||||
struct sockaddr *src, *dst;
|
||||
u_int prefs, prefd, proto;
|
||||
caddr_t policy;
|
||||
int policylen;
|
||||
u_int32_t seq;
|
||||
{
|
||||
struct sadb_msg *newmsg;
|
||||
int len;
|
||||
caddr_t p;
|
||||
|
||||
/* validity check */
|
||||
if (src == NULL || dst == NULL) {
|
||||
if ((len = pfkey_send_x4(so, SADB_X_SPDUPDATE,
|
||||
src, prefs, dst, prefd, proto,
|
||||
policy, policylen, seq)) < 0)
|
||||
return -1;
|
||||
|
||||
return len;
|
||||
}
|
||||
|
||||
/*
|
||||
* sending SADB_X_SPDDELETE message to the kernel.
|
||||
* OUT:
|
||||
* positive: success and return length sent.
|
||||
* -1 : error occured, and set errno.
|
||||
*/
|
||||
int
|
||||
pfkey_send_spddelete(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
|
||||
int so;
|
||||
struct sockaddr *src, *dst;
|
||||
u_int prefs, prefd, proto;
|
||||
caddr_t policy;
|
||||
int policylen;
|
||||
u_int32_t seq;
|
||||
{
|
||||
int len;
|
||||
|
||||
if (policylen != sizeof(struct sadb_x_policy)) {
|
||||
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
|
||||
return -1;
|
||||
}
|
||||
if (src->sa_family != dst->sa_family) {
|
||||
__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
|
||||
|
||||
if ((len = pfkey_send_x4(so, SADB_X_SPDDELETE,
|
||||
src, prefs, dst, prefd, proto,
|
||||
policy, policylen, seq)) < 0)
|
||||
return -1;
|
||||
}
|
||||
if (prefs > (_INALENBYAF(src->sa_family) << 3)
|
||||
|| prefd > (_INALENBYAF(dst->sa_family) << 3)) {
|
||||
__ipsec_errcode = EIPSEC_INVAL_PREFIXLEN;
|
||||
|
||||
return len;
|
||||
}
|
||||
|
||||
/*
|
||||
* sending SADB_X_SPDDELETE message to the kernel.
|
||||
* OUT:
|
||||
* positive: success and return length sent.
|
||||
* -1 : error occured, and set errno.
|
||||
*/
|
||||
int
|
||||
pfkey_send_spddelete2(so, spid)
|
||||
int so;
|
||||
u_int32_t spid;
|
||||
{
|
||||
int len;
|
||||
|
||||
if ((len = pfkey_send_x5(so, SADB_X_SPDDELETE2, spid)) < 0)
|
||||
return -1;
|
||||
|
||||
return len;
|
||||
}
|
||||
|
||||
/*
|
||||
* sending SADB_X_SPDGET message to the kernel.
|
||||
* OUT:
|
||||
* positive: success and return length sent.
|
||||
* -1 : error occured, and set errno.
|
||||
*/
|
||||
int
|
||||
pfkey_send_spdget(so, spid)
|
||||
int so;
|
||||
u_int32_t spid;
|
||||
{
|
||||
int len;
|
||||
|
||||
if ((len = pfkey_send_x5(so, SADB_X_SPDGET, spid)) < 0)
|
||||
return -1;
|
||||
|
||||
return len;
|
||||
}
|
||||
|
||||
/*
|
||||
* sending SADB_X_SPDSETIDX message to the kernel.
|
||||
* OUT:
|
||||
* positive: success and return length sent.
|
||||
* -1 : error occured, and set errno.
|
||||
*/
|
||||
int
|
||||
pfkey_send_spdsetidx(so, src, prefs, dst, prefd, proto, policy, policylen, seq)
|
||||
int so;
|
||||
struct sockaddr *src, *dst;
|
||||
u_int prefs, prefd, proto;
|
||||
caddr_t policy;
|
||||
int policylen;
|
||||
u_int32_t seq;
|
||||
{
|
||||
int len;
|
||||
|
||||
if (policylen != sizeof(struct sadb_x_policy)) {
|
||||
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* create new sadb_msg to reply. */
|
||||
len = sizeof(struct sadb_msg)
|
||||
+ sizeof(struct sadb_address)
|
||||
+ PFKEY_ALIGN8(_SALENBYAF(src->sa_family))
|
||||
+ sizeof(struct sadb_address)
|
||||
+ PFKEY_ALIGN8(_SALENBYAF(src->sa_family));
|
||||
|
||||
if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
|
||||
__ipsec_set_strerror(strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
p = pfkey_setsadbmsg((caddr_t)newmsg, SADB_X_SPDDELETE, len,
|
||||
SADB_SATYPE_UNSPEC, IPSEC_MODE_ANY, 0,
|
||||
seq, getpid());
|
||||
p = pfkey_setsadbaddr(p,
|
||||
SADB_EXT_ADDRESS_SRC,
|
||||
src,
|
||||
prefs,
|
||||
proto);
|
||||
p = pfkey_setsadbaddr(p,
|
||||
SADB_EXT_ADDRESS_DST,
|
||||
dst,
|
||||
prefd,
|
||||
proto);
|
||||
|
||||
/* send message */
|
||||
len = pfkey_send(so, newmsg, len);
|
||||
free(newmsg);
|
||||
|
||||
if (len < 0)
|
||||
if ((len = pfkey_send_x4(so, SADB_X_SPDSETIDX,
|
||||
src, prefs, dst, prefd, proto,
|
||||
policy, policylen, seq)) < 0)
|
||||
return -1;
|
||||
|
||||
__ipsec_errcode = EIPSEC_NO_ERROR;
|
||||
return len;
|
||||
}
|
||||
|
||||
@ -739,6 +752,7 @@ pfkey_send_x1(so, type, satype, mode, src, dst, spi, reqid, wsize,
|
||||
struct sadb_msg *newmsg;
|
||||
int len;
|
||||
caddr_t p;
|
||||
int plen;
|
||||
|
||||
/* validity check */
|
||||
if (src == NULL || dst == NULL) {
|
||||
@ -749,6 +763,17 @@ pfkey_send_x1(so, type, satype, mode, src, dst, spi, reqid, wsize,
|
||||
__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
|
||||
return -1;
|
||||
}
|
||||
switch (src->sa_family) {
|
||||
case AF_INET:
|
||||
plen = sizeof(struct in_addr) << 3;
|
||||
break;
|
||||
case AF_INET6:
|
||||
plen = sizeof(struct in6_addr) << 3;
|
||||
break;
|
||||
default:
|
||||
__ipsec_errcode = EIPSEC_INVAL_FAMILY;
|
||||
return -1;
|
||||
}
|
||||
|
||||
switch (satype) {
|
||||
case SADB_SATYPE_ESP:
|
||||
@ -777,6 +802,7 @@ pfkey_send_x1(so, type, satype, mode, src, dst, spi, reqid, wsize,
|
||||
/* create new sadb_msg to reply. */
|
||||
len = sizeof(struct sadb_msg)
|
||||
+ sizeof(struct sadb_sa)
|
||||
+ sizeof(struct sadb_x_sa2)
|
||||
+ sizeof(struct sadb_address)
|
||||
+ PFKEY_ALIGN8(src->sa_len)
|
||||
+ sizeof(struct sadb_address)
|
||||
@ -795,18 +821,13 @@ pfkey_send_x1(so, type, satype, mode, src, dst, spi, reqid, wsize,
|
||||
}
|
||||
|
||||
p = pfkey_setsadbmsg((caddr_t)newmsg, type, len,
|
||||
satype, mode, reqid, seq, getpid());
|
||||
satype, seq, getpid());
|
||||
p = pfkey_setsadbsa(p, spi, wsize, a_type, e_type, flags);
|
||||
p = pfkey_setsadbaddr(p,
|
||||
SADB_EXT_ADDRESS_SRC,
|
||||
src,
|
||||
_INALENBYAF(src->sa_family) << 3,
|
||||
IPSEC_ULPROTO_ANY);
|
||||
p = pfkey_setsadbaddr(p,
|
||||
SADB_EXT_ADDRESS_DST,
|
||||
dst,
|
||||
_INALENBYAF(dst->sa_family) << 3,
|
||||
IPSEC_ULPROTO_ANY);
|
||||
p = pfkey_setsadbxsa2(p, mode, reqid);
|
||||
p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_SRC, src, plen,
|
||||
IPSEC_ULPROTO_ANY);
|
||||
p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_DST, dst, plen,
|
||||
IPSEC_ULPROTO_ANY);
|
||||
|
||||
if (e_type != SADB_EALG_NONE)
|
||||
p = pfkey_setsadbkey(p, SADB_EXT_KEY_ENCRYPT,
|
||||
@ -843,6 +864,7 @@ pfkey_send_x2(so, type, satype, mode, src, dst, spi)
|
||||
struct sadb_msg *newmsg;
|
||||
int len;
|
||||
caddr_t p;
|
||||
int plen;
|
||||
|
||||
/* validity check */
|
||||
if (src == NULL || dst == NULL) {
|
||||
@ -853,6 +875,17 @@ pfkey_send_x2(so, type, satype, mode, src, dst, spi)
|
||||
__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
|
||||
return -1;
|
||||
}
|
||||
switch (src->sa_family) {
|
||||
case AF_INET:
|
||||
plen = sizeof(struct in_addr) << 3;
|
||||
break;
|
||||
case AF_INET6:
|
||||
plen = sizeof(struct in6_addr) << 3;
|
||||
break;
|
||||
default:
|
||||
__ipsec_errcode = EIPSEC_INVAL_FAMILY;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* create new sadb_msg to reply. */
|
||||
len = sizeof(struct sadb_msg)
|
||||
@ -867,18 +900,12 @@ pfkey_send_x2(so, type, satype, mode, src, dst, spi)
|
||||
return -1;
|
||||
}
|
||||
|
||||
p = pfkey_setsadbmsg((caddr_t)newmsg, type, len, satype, mode, 0, 0, getpid());
|
||||
p = pfkey_setsadbmsg((caddr_t)newmsg, type, len, satype, 0, getpid());
|
||||
p = pfkey_setsadbsa(p, spi, 0, 0, 0, 0);
|
||||
p = pfkey_setsadbaddr(p,
|
||||
SADB_EXT_ADDRESS_SRC,
|
||||
src,
|
||||
_INALENBYAF(src->sa_family) << 3,
|
||||
IPSEC_ULPROTO_ANY);
|
||||
p = pfkey_setsadbaddr(p,
|
||||
SADB_EXT_ADDRESS_DST,
|
||||
dst,
|
||||
_INALENBYAF(dst->sa_family) << 3,
|
||||
IPSEC_ULPROTO_ANY);
|
||||
p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_SRC, src, plen,
|
||||
IPSEC_ULPROTO_ANY);
|
||||
p = pfkey_setsadbaddr(p, SADB_EXT_ADDRESS_DST, dst, plen,
|
||||
IPSEC_ULPROTO_ANY);
|
||||
|
||||
/* send message */
|
||||
len = pfkey_send(so, newmsg, len);
|
||||
@ -932,7 +959,128 @@ pfkey_send_x3(so, type, satype)
|
||||
return -1;
|
||||
}
|
||||
|
||||
(void)pfkey_setsadbmsg((caddr_t)newmsg, type, len, satype, 0, 0, 0, getpid());
|
||||
(void)pfkey_setsadbmsg((caddr_t)newmsg, type, len, satype, 0, getpid());
|
||||
|
||||
/* send message */
|
||||
len = pfkey_send(so, newmsg, len);
|
||||
free(newmsg);
|
||||
|
||||
if (len < 0)
|
||||
return -1;
|
||||
|
||||
__ipsec_errcode = EIPSEC_NO_ERROR;
|
||||
return len;
|
||||
}
|
||||
|
||||
/* sending SADB_X_SPDADD message to the kernel */
|
||||
static int
|
||||
pfkey_send_x4(so, type, src, prefs, dst, prefd, proto, policy, policylen, seq)
|
||||
int so;
|
||||
struct sockaddr *src, *dst;
|
||||
u_int type, prefs, prefd, proto;
|
||||
char *policy;
|
||||
int policylen;
|
||||
u_int32_t seq;
|
||||
{
|
||||
struct sadb_msg *newmsg;
|
||||
int len;
|
||||
caddr_t p;
|
||||
int plen;
|
||||
|
||||
/* validity check */
|
||||
if (src == NULL || dst == NULL) {
|
||||
__ipsec_errcode = EIPSEC_INVAL_ARGUMENT;
|
||||
return -1;
|
||||
}
|
||||
if (src->sa_family != dst->sa_family) {
|
||||
__ipsec_errcode = EIPSEC_FAMILY_MISMATCH;
|
||||
return -1;
|
||||
}
|
||||
|
||||
switch (src->sa_family) {
|
||||
case AF_INET:
|
||||
plen = sizeof(struct in_addr) << 3;
|
||||
break;
|
||||
case AF_INET6:
|
||||
plen = sizeof(struct in6_addr) << 3;
|
||||
break;
|
||||
default:
|
||||
__ipsec_errcode = EIPSEC_INVAL_FAMILY;
|
||||
return -1;
|
||||
}
|
||||
if (prefs > plen || prefd > plen) {
|
||||
__ipsec_errcode = EIPSEC_INVAL_PREFIXLEN;
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* create new sadb_msg to reply. */
|
||||
len = sizeof(struct sadb_msg)
|
||||
+ sizeof(struct sadb_address)
|
||||
+ PFKEY_ALIGN8(src->sa_len)
|
||||
+ sizeof(struct sadb_address)
|
||||
+ PFKEY_ALIGN8(src->sa_len)
|
||||
+ policylen;
|
||||
|
||||
if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
|
||||
__ipsec_set_strerror(strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
p = pfkey_setsadbmsg((caddr_t)newmsg, type, len,
|
||||
SADB_SATYPE_UNSPEC, seq, getpid());
|
||||
p = pfkey_setsadbaddr(p,
|
||||
SADB_EXT_ADDRESS_SRC,
|
||||
src,
|
||||
prefs,
|
||||
proto);
|
||||
p = pfkey_setsadbaddr(p,
|
||||
SADB_EXT_ADDRESS_DST,
|
||||
dst,
|
||||
prefd,
|
||||
proto);
|
||||
memcpy(p, policy, policylen);
|
||||
|
||||
/* send message */
|
||||
len = pfkey_send(so, newmsg, len);
|
||||
free(newmsg);
|
||||
|
||||
if (len < 0)
|
||||
return -1;
|
||||
|
||||
__ipsec_errcode = EIPSEC_NO_ERROR;
|
||||
return len;
|
||||
}
|
||||
|
||||
/* sending SADB_X_SPDGET or SADB_X_SPDDELETE message to the kernel */
|
||||
static int
|
||||
pfkey_send_x5(so, type, spid)
|
||||
int so;
|
||||
u_int type;
|
||||
u_int32_t spid;
|
||||
{
|
||||
struct sadb_msg *newmsg;
|
||||
struct sadb_x_policy xpl;
|
||||
int len;
|
||||
caddr_t p;
|
||||
|
||||
/* create new sadb_msg to reply. */
|
||||
len = sizeof(struct sadb_msg)
|
||||
+ sizeof(xpl);
|
||||
|
||||
if ((newmsg = CALLOC(len, struct sadb_msg *)) == NULL) {
|
||||
__ipsec_set_strerror(strerror(errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
p = pfkey_setsadbmsg((caddr_t)newmsg, type, len,
|
||||
SADB_SATYPE_UNSPEC, 0, getpid());
|
||||
|
||||
memset(&xpl, 0, sizeof(xpl));
|
||||
xpl.sadb_x_policy_len = PFKEY_UNUNIT64(sizeof(xpl));
|
||||
xpl.sadb_x_policy_exttype = SADB_X_EXT_POLICY;
|
||||
xpl.sadb_x_policy_id = spid;
|
||||
|
||||
memcpy(p, &xpl, sizeof(xpl));
|
||||
|
||||
/* send message */
|
||||
len = pfkey_send(so, newmsg, len);
|
||||
@ -1125,6 +1273,7 @@ pfkey_align(msg, mhp)
|
||||
case SADB_EXT_SUPPORTED_ENCRYPT:
|
||||
case SADB_EXT_SPIRANGE:
|
||||
case SADB_X_EXT_POLICY:
|
||||
case SADB_X_EXT_SA2:
|
||||
mhp[ext->sadb_ext_type] = (caddr_t)ext;
|
||||
break;
|
||||
default:
|
||||
@ -1264,11 +1413,11 @@ pfkey_check(mhp)
|
||||
* `buf' must has been allocated sufficiently.
|
||||
*/
|
||||
static caddr_t
|
||||
pfkey_setsadbmsg(buf, type, tlen, satype, mode, reqid, seq, pid)
|
||||
pfkey_setsadbmsg(buf, type, tlen, satype, seq, pid)
|
||||
caddr_t buf;
|
||||
u_int type, satype, mode;
|
||||
u_int type, satype;
|
||||
u_int tlen;
|
||||
u_int32_t reqid, seq;
|
||||
u_int32_t seq;
|
||||
pid_t pid;
|
||||
{
|
||||
struct sadb_msg *p;
|
||||
@ -1283,12 +1432,9 @@ pfkey_setsadbmsg(buf, type, tlen, satype, mode, reqid, seq, pid)
|
||||
p->sadb_msg_errno = 0;
|
||||
p->sadb_msg_satype = satype;
|
||||
p->sadb_msg_len = PFKEY_UNIT64(tlen);
|
||||
p->sadb_msg_mode = mode;
|
||||
p->sadb_msg_reserved1 = 0;
|
||||
p->sadb_msg_reserved = 0;
|
||||
p->sadb_msg_seq = seq;
|
||||
p->sadb_msg_pid = (u_int32_t)pid;
|
||||
p->sadb_msg_reqid = reqid;
|
||||
p->sadb_msg_reserved2 = 0;
|
||||
|
||||
return(buf + len);
|
||||
}
|
||||
@ -1421,3 +1567,29 @@ pfkey_setsadblifetime(buf, type, l_alloc, l_bytes, l_addtime, l_usetime)
|
||||
return buf + len;
|
||||
}
|
||||
|
||||
/*
|
||||
* copy secasvar data into sadb_address.
|
||||
* `buf' must has been allocated sufficiently.
|
||||
*/
|
||||
static caddr_t
|
||||
pfkey_setsadbxsa2(buf, mode0, reqid)
|
||||
caddr_t buf;
|
||||
u_int32_t mode0;
|
||||
u_int32_t reqid;
|
||||
{
|
||||
struct sadb_x_sa2 *p;
|
||||
u_int8_t mode = mode0 & 0xff;
|
||||
u_int len;
|
||||
|
||||
p = (struct sadb_x_sa2 *)buf;
|
||||
len = sizeof(struct sadb_x_sa2);
|
||||
|
||||
memset(p, 0, len);
|
||||
p->sadb_x_sa2_len = PFKEY_UNIT64(len);
|
||||
p->sadb_x_sa2_exttype = SADB_X_EXT_SA2;
|
||||
p->sadb_x_sa2_mode = mode;
|
||||
p->sadb_x_sa2_reqid = reqid;
|
||||
|
||||
return(buf + len);
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,5 @@
|
||||
/* $NetBSD: pfkey_dump.c,v 1.6 2000/02/08 13:17:52 itojun Exp $ */
|
||||
/* $NetBSD: pfkey_dump.c,v 1.7 2000/06/12 10:40:52 itojun Exp $ */
|
||||
/* $KAME: pfkey_dump.c,v 1.19 2000/06/10 06:47:11 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
@ -46,8 +47,10 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <time.h>
|
||||
#include <netdb.h>
|
||||
|
||||
#include "ipsec_strerror.h"
|
||||
#include "libpfkey.h"
|
||||
|
||||
#define GETMSGSTR(str, num) \
|
||||
do { \
|
||||
@ -60,13 +63,10 @@ do { \
|
||||
printf("%s ", (str)[(num)]); \
|
||||
} while (0)
|
||||
|
||||
#define GETAF(p) \
|
||||
(((struct sockaddr *)(p))->sa_family)
|
||||
|
||||
static char *_str_ipaddr __P((u_int family, caddr_t addr));
|
||||
static char *_str_prefport __P((u_int family, u_int pref, u_int port));
|
||||
static char *_str_time __P((time_t t));
|
||||
static void _str_lifetime_byte __P((struct sadb_lifetime *x, char *str));
|
||||
static char *str_ipaddr __P((struct sockaddr *));
|
||||
static char *str_prefport __P((u_int, u_int, u_int));
|
||||
static char *str_time __P((time_t));
|
||||
static void str_lifetime_byte __P((struct sadb_lifetime *, char *));
|
||||
|
||||
/*
|
||||
* Must to be re-written about following strings.
|
||||
@ -148,6 +148,7 @@ pfkey_sadump(m)
|
||||
{
|
||||
caddr_t mhp[SADB_EXT_MAX + 1];
|
||||
struct sadb_sa *m_sa;
|
||||
struct sadb_x_sa2 *m_sa2;
|
||||
struct sadb_lifetime *m_lftc, *m_lfth, *m_lfts;
|
||||
struct sadb_address *m_saddr, *m_daddr, *m_paddr;
|
||||
struct sadb_key *m_auth, *m_enc;
|
||||
@ -165,6 +166,7 @@ pfkey_sadump(m)
|
||||
}
|
||||
|
||||
m_sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
|
||||
m_sa2 = (struct sadb_x_sa2 *)mhp[SADB_X_EXT_SA2];
|
||||
m_lftc = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_CURRENT];
|
||||
m_lfth = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_HARD];
|
||||
m_lfts = (struct sadb_lifetime *)mhp[SADB_EXT_LIFETIME_SOFT];
|
||||
@ -182,34 +184,36 @@ pfkey_sadump(m)
|
||||
printf("no ADDRESS_SRC extension.\n");
|
||||
return;
|
||||
}
|
||||
printf("%s ",
|
||||
_str_ipaddr(GETAF(m_saddr + 1), _INADDRBYSA(m_saddr + 1)));
|
||||
printf("%s ", str_ipaddr((struct sockaddr *)(m_saddr + 1)));
|
||||
|
||||
/* destination address */
|
||||
if (m_daddr == NULL) {
|
||||
printf("no ADDRESS_DST extension.\n");
|
||||
return;
|
||||
}
|
||||
printf("%s ",
|
||||
_str_ipaddr(GETAF(m_daddr + 1), _INADDRBYSA(m_daddr + 1)));
|
||||
printf("%s ", str_ipaddr((struct sockaddr *)(m_daddr + 1)));
|
||||
|
||||
/* SA type */
|
||||
if (m_sa == NULL) {
|
||||
printf("no SA extension.\n");
|
||||
return;
|
||||
}
|
||||
if (m_sa2 == NULL) {
|
||||
printf("no SA2 extension.\n");
|
||||
return;
|
||||
}
|
||||
printf("\n\t");
|
||||
|
||||
GETMSGSTR(_str_satype, m->sadb_msg_satype);
|
||||
|
||||
printf("mode=");
|
||||
GETMSGSTR(_str_mode, m->sadb_msg_mode);
|
||||
GETMSGSTR(_str_mode, m_sa2->sadb_x_sa2_mode);
|
||||
|
||||
printf("spi=%u(0x%08x) reqid=%u(0x%08x)\n",
|
||||
(u_int32_t)ntohl(m_sa->sadb_sa_spi),
|
||||
(u_int32_t)ntohl(m_sa->sadb_sa_spi),
|
||||
(u_int32_t)m->sadb_msg_reqid,
|
||||
(u_int32_t)m->sadb_msg_reqid);
|
||||
(u_int32_t)m_sa2->sadb_x_sa2_reqid,
|
||||
(u_int32_t)m_sa2->sadb_x_sa2_reqid);
|
||||
|
||||
/* encryption key */
|
||||
if (m->sadb_msg_satype == SADB_X_SATYPE_IPCOMP) {
|
||||
@ -252,8 +256,8 @@ pfkey_sadump(m)
|
||||
time_t tmp_time = time(0);
|
||||
|
||||
printf("\tcreated: %s",
|
||||
_str_time(m_lftc->sadb_lifetime_addtime));
|
||||
printf("\tcurrent: %s\n", _str_time(tmp_time));
|
||||
str_time(m_lftc->sadb_lifetime_addtime));
|
||||
printf("\tcurrent: %s\n", str_time(tmp_time));
|
||||
printf("\tdiff: %lu(s)",
|
||||
(u_long)(m_lftc->sadb_lifetime_addtime == 0 ?
|
||||
0 : (tmp_time - m_lftc->sadb_lifetime_addtime)));
|
||||
@ -266,7 +270,7 @@ pfkey_sadump(m)
|
||||
0 : m_lfts->sadb_lifetime_addtime));
|
||||
|
||||
printf("\tlast: %s",
|
||||
_str_time(m_lftc->sadb_lifetime_usetime));
|
||||
str_time(m_lftc->sadb_lifetime_usetime));
|
||||
printf("\thard: %lu(s)",
|
||||
(u_long)(m_lfth == NULL ?
|
||||
0 : m_lfth->sadb_lifetime_usetime));
|
||||
@ -274,9 +278,9 @@ pfkey_sadump(m)
|
||||
(u_long)(m_lfts == NULL ?
|
||||
0 : m_lfts->sadb_lifetime_usetime));
|
||||
|
||||
_str_lifetime_byte(m_lftc, "current");
|
||||
_str_lifetime_byte(m_lfth, "hard");
|
||||
_str_lifetime_byte(m_lfts, "soft");
|
||||
str_lifetime_byte(m_lftc, "current");
|
||||
str_lifetime_byte(m_lfth, "hard");
|
||||
str_lifetime_byte(m_lfts, "soft");
|
||||
printf("\n");
|
||||
|
||||
printf("\tallocated: %lu",
|
||||
@ -290,7 +294,7 @@ pfkey_sadump(m)
|
||||
}
|
||||
|
||||
/* XXX DEBUG */
|
||||
printf("\trefcnt=%u\n", m->sadb_msg_reserved2);
|
||||
printf("\trefcnt=%u\n", m->sadb_msg_reserved);
|
||||
|
||||
return;
|
||||
}
|
||||
@ -299,9 +303,12 @@ void
|
||||
pfkey_spdump(m)
|
||||
struct sadb_msg *m;
|
||||
{
|
||||
char pbuf[NI_MAXSERV];
|
||||
caddr_t mhp[SADB_EXT_MAX + 1];
|
||||
struct sadb_address *m_saddr, *m_daddr;
|
||||
struct sadb_x_policy *m_xpl;
|
||||
struct sockaddr *sa;
|
||||
u_int16_t port;
|
||||
|
||||
/* check pfkey message. */
|
||||
if (pfkey_align(m, mhp)) {
|
||||
@ -322,22 +329,46 @@ pfkey_spdump(m)
|
||||
printf("no ADDRESS_SRC extension.\n");
|
||||
return;
|
||||
}
|
||||
printf("%s%s ",
|
||||
_str_ipaddr(GETAF(m_saddr + 1), _INADDRBYSA(m_saddr + 1)),
|
||||
_str_prefport(GETAF(m_saddr + 1),
|
||||
m_saddr->sadb_address_prefixlen,
|
||||
_INPORTBYSA(m_saddr + 1)));
|
||||
sa = (struct sockaddr *)(m_saddr + 1);
|
||||
switch (sa->sa_family) {
|
||||
case AF_INET:
|
||||
case AF_INET6:
|
||||
if (getnameinfo(sa, sa->sa_len, NULL, 0, pbuf, sizeof(pbuf),
|
||||
NI_NUMERICSERV) != 0)
|
||||
port = 0; /*XXX*/
|
||||
else
|
||||
port = atoi(pbuf);
|
||||
printf("%s%s ", str_ipaddr(sa),
|
||||
str_prefport(sa->sa_family,
|
||||
m_saddr->sadb_address_prefixlen, port));
|
||||
break;
|
||||
default:
|
||||
printf("unknown-af ");
|
||||
break;
|
||||
}
|
||||
|
||||
/* destination address */
|
||||
if (m_daddr == NULL) {
|
||||
printf("no ADDRESS_DST extension.\n");
|
||||
return;
|
||||
}
|
||||
printf("%s%s ",
|
||||
_str_ipaddr(GETAF(m_daddr + 1), _INADDRBYSA(m_daddr + 1)),
|
||||
_str_prefport(GETAF(m_daddr + 1),
|
||||
m_daddr->sadb_address_prefixlen,
|
||||
_INPORTBYSA(m_daddr + 1)));
|
||||
sa = (struct sockaddr *)(m_daddr + 1);
|
||||
switch (sa->sa_family) {
|
||||
case AF_INET:
|
||||
case AF_INET6:
|
||||
if (getnameinfo(sa, sa->sa_len, NULL, 0, pbuf, sizeof(pbuf),
|
||||
NI_NUMERICSERV) != 0)
|
||||
port = 0; /*XXX*/
|
||||
else
|
||||
port = atoi(pbuf);
|
||||
printf("%s%s ", str_ipaddr(sa),
|
||||
str_prefport(sa->sa_family,
|
||||
m_daddr->sadb_address_prefixlen, port));
|
||||
break;
|
||||
default:
|
||||
printf("unknown-af ");
|
||||
break;
|
||||
}
|
||||
|
||||
/* upper layer protocol */
|
||||
if (m_saddr->sadb_address_proto != m_daddr->sadb_address_proto) {
|
||||
@ -364,12 +395,13 @@ pfkey_spdump(m)
|
||||
free(d_xpl);
|
||||
}
|
||||
|
||||
printf("\tseq=%ld pid=%ld\n",
|
||||
printf("\tspid=%ld seq=%ld pid=%ld\n",
|
||||
(u_long)m_xpl->sadb_x_policy_id,
|
||||
(u_long)m->sadb_msg_seq,
|
||||
(u_long)m->sadb_msg_pid);
|
||||
|
||||
/* XXX TEST */
|
||||
printf("\trefcnt=%u\n", m->sadb_msg_reserved2);
|
||||
printf("\trefcnt=%u\n", m->sadb_msg_reserved);
|
||||
|
||||
return;
|
||||
}
|
||||
@ -378,35 +410,48 @@ pfkey_spdump(m)
|
||||
* set "ipaddress" to buffer.
|
||||
*/
|
||||
static char *
|
||||
_str_ipaddr(family, addr)
|
||||
u_int family;
|
||||
caddr_t addr;
|
||||
str_ipaddr(sa)
|
||||
struct sockaddr *sa;
|
||||
{
|
||||
static char buf[128];
|
||||
char addrbuf[128];
|
||||
static char buf[NI_MAXHOST];
|
||||
#ifdef NI_WITHSCOPEID
|
||||
const int niflag = NI_NUMERICHOST | NI_WITHSCOPEID;
|
||||
#else
|
||||
const int niflag = NI_NUMERICHOST;
|
||||
#endif
|
||||
|
||||
if (addr == NULL)
|
||||
if (sa == NULL)
|
||||
return "";
|
||||
|
||||
inet_ntop(family, addr, addrbuf, sizeof(addrbuf));
|
||||
|
||||
snprintf(buf, sizeof(buf), "%s", addrbuf);
|
||||
|
||||
return buf;
|
||||
if (getnameinfo(sa, sa->sa_len, buf, sizeof(buf), NULL, 0, niflag) == 0)
|
||||
return buf;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* set "/prefix[port number]" to buffer.
|
||||
*/
|
||||
static char *
|
||||
_str_prefport(family, pref, port)
|
||||
str_prefport(family, pref, port)
|
||||
u_int family, pref, port;
|
||||
{
|
||||
static char buf[128];
|
||||
char prefbuf[10];
|
||||
char portbuf[10];
|
||||
int plen;
|
||||
|
||||
if (pref == (_INALENBYAF(family) << 3))
|
||||
switch (family) {
|
||||
case AF_INET:
|
||||
plen = sizeof(struct in_addr) << 3;
|
||||
break;
|
||||
case AF_INET6:
|
||||
plen = sizeof(struct in6_addr) << 3;
|
||||
break;
|
||||
default:
|
||||
return "?";
|
||||
}
|
||||
|
||||
if (pref == plen)
|
||||
prefbuf[0] = '\0';
|
||||
else
|
||||
snprintf(prefbuf, sizeof(prefbuf), "/%u", pref);
|
||||
@ -414,7 +459,7 @@ _str_prefport(family, pref, port)
|
||||
if (port == IPSEC_PORT_ANY)
|
||||
snprintf(portbuf, sizeof(portbuf), "[%s]", "any");
|
||||
else
|
||||
snprintf(portbuf, sizeof(portbuf), "[%u]", ntohs(port));
|
||||
snprintf(portbuf, sizeof(portbuf), "[%u]", port);
|
||||
|
||||
snprintf(buf, sizeof(buf), "%s%s", prefbuf, portbuf);
|
||||
|
||||
@ -425,7 +470,7 @@ _str_prefport(family, pref, port)
|
||||
* set "Mon Day Time Year" to buffer
|
||||
*/
|
||||
static char *
|
||||
_str_time(t)
|
||||
str_time(t)
|
||||
time_t t;
|
||||
{
|
||||
static char buf[128];
|
||||
@ -445,7 +490,7 @@ _str_time(t)
|
||||
}
|
||||
|
||||
static void
|
||||
_str_lifetime_byte(x, str)
|
||||
str_lifetime_byte(x, str)
|
||||
struct sadb_lifetime *x;
|
||||
char *str;
|
||||
{
|
||||
|
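Review bot: str_ipaddr() now returns NULL when getnameinfo() fails (`return NULL;` after the `if (getnameinfo(sa, sa->sa_len, buf, sizeof(buf), NULL, 0, niflag) == 0)` line), but every caller in this section passes the result straight to `printf("%s ", ...)` / `printf("%s%s ", ...)`, and `%s` with a NULL argument is undefined behaviour; the old _str_ipaddr always returned a buffer. str_prefport() in the same hunk already returns "?" for an unknown family, so `return "?";` keeps the callers untouched and the output parseable. Separately, the `port = 0; /*XXX*/` fallback in pfkey_spdump() becomes indistinguishable from a wildcard port if IPSEC_PORT_ANY is 0, which I cannot confirm from here; printing the failure explicitly would be safer. pfkey_spdump() itself starts outside the hunk.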
@ -1,4 +1,5 @@
|
||||
/* $NetBSD: policy_parse.y,v 1.2 2000/03/13 21:23:56 itojun Exp $ */
|
||||
/* $NetBSD: policy_parse.y,v 1.3 2000/06/12 10:40:52 itojun Exp $ */
|
||||
/* $KAME: policy_parse.y,v 1.10 2000/05/07 05:25:03 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
@ -28,7 +29,6 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
/* KAME Id: policy_parse.y,v 1.7 2000/01/27 17:59:13 itojun Exp */
|
||||
|
||||
/*
|
||||
* IN/OUT bound policy configuration take place such below:
|
||||
@ -116,6 +116,14 @@ policy_spec
|
||||
return -1;
|
||||
}
|
||||
rules
|
||||
| DIR
|
||||
{
|
||||
p_dir = $1;
|
||||
p_type = 0; /* ignored it by kernel */
|
||||
|
||||
if (init_x_policy())
|
||||
return -1;
|
||||
}
|
||||
;
|
||||
|
||||
rules
|
||||
|
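Review bot: The new `| DIR` alternative stores a bare `p_type = 0;` with the comment `/* ignored it by kernel */`, which is garbled and does not say why a policy type of 0 is acceptable; 0 also aliases the first value of the policy-type numbering, so if this buffer were ever sent by anything but spddelete it would read as a real policy. Suggest `p_type = 0;	/* unused for a direction-only spec; the kernel ignores it */` and, where a named constant for the type exists, use it so the intent is visible. The enclosing policy_spec rule begins outside the hunk.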
@ -1,4 +1,5 @@
|
||||
/* $NetBSD: policy_token.l,v 1.3 2000/03/13 21:23:56 itojun Exp $ */
|
||||
/* $NetBSD: policy_token.l,v 1.4 2000/06/12 10:40:52 itojun Exp $ */
|
||||
/* $KAME: policy_token.l,v 1.9 2000/05/07 05:25:03 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
|
@ -1,9 +1,10 @@
|
||||
/* $NetBSD: pfkeyv2.h,v 1.4 2000/02/09 03:27:29 itojun Exp $ */
|
||||
/* $NetBSD: pfkeyv2.h,v 1.5 2000/06/12 10:40:37 itojun Exp $ */
|
||||
/* $KAME: pfkeyv2.h,v 1.16 2000/06/10 06:39:54 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -15,7 +16,7 @@
|
||||
* 3. Neither the name of the project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
@ -29,8 +30,6 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* KAME Id: keyv2.h,v 1.14 2000/01/29 06:21:03 itojun Exp */
|
||||
|
||||
/*
|
||||
* This file has been derived rfc 2367,
|
||||
* And added some flags of SADB_KEY_FLAGS_ as SADB_X_EXT_.
|
||||
@ -66,16 +65,17 @@ you leave this credit intact on any copies of this file.
|
||||
#define SADB_X_PROMISC 11
|
||||
#define SADB_X_PCHANGE 12
|
||||
|
||||
#define SADB_X_SPDUPDATE 13 /* not yet */
|
||||
#define SADB_X_SPDUPDATE 13
|
||||
#define SADB_X_SPDADD 14
|
||||
#define SADB_X_SPDDELETE 15
|
||||
#define SADB_X_SPDGET 16 /* not yet */
|
||||
#define SADB_X_SPDACQUIRE 17 /* not yet */
|
||||
#define SADB_X_SPDDELETE 15 /* by policy index */
|
||||
#define SADB_X_SPDGET 16
|
||||
#define SADB_X_SPDACQUIRE 17
|
||||
#define SADB_X_SPDDUMP 18
|
||||
#define SADB_X_SPDFLUSH 19
|
||||
#define SADB_X_SPDSETIDX 20 /* add only SPD selector */
|
||||
#define SADB_X_SPDSETIDX 20
|
||||
#define SADB_X_SPDEXPIRE 21 /* not yet */
|
||||
#define SADB_MAX 21
|
||||
#define SADB_X_SPDDELETE2 22 /* by policy id */
|
||||
#define SADB_MAX 22
|
||||
|
||||
struct sadb_msg {
|
||||
u_int8_t sadb_msg_version;
|
||||
@ -83,13 +83,9 @@ struct sadb_msg {
|
||||
u_int8_t sadb_msg_errno;
|
||||
u_int8_t sadb_msg_satype;
|
||||
u_int16_t sadb_msg_len;
|
||||
u_int8_t sadb_msg_mode; /* XXX */
|
||||
u_int8_t sadb_msg_reserved1;
|
||||
u_int16_t sadb_msg_reserved;
|
||||
u_int32_t sadb_msg_seq;
|
||||
u_int32_t sadb_msg_pid;
|
||||
u_int32_t sadb_msg_reqid; /* XXX */
|
||||
/* when policy mng, value is zero. */
|
||||
u_int32_t sadb_msg_reserved2;
|
||||
};
|
||||
|
||||
struct sadb_ext {
|
||||
@ -214,14 +210,32 @@ struct sadb_x_kmprivate {
|
||||
u_int32_t sadb_x_kmprivate_reserved;
|
||||
};
|
||||
|
||||
/*
|
||||
* XXX Additional SA Extension.
|
||||
* mode: tunnel or transport
|
||||
* reqid: to make SA unique nevertheless the address pair of SA are same.
|
||||
* Mainly it's for VPN.
|
||||
*/
|
||||
struct sadb_x_sa2 {
|
||||
u_int16_t sadb_x_sa2_len;
|
||||
u_int16_t sadb_x_sa2_exttype;
|
||||
u_int8_t sadb_x_sa2_mode;
|
||||
u_int8_t sadb_x_sa2_reserved1;
|
||||
u_int16_t sadb_x_sa2_reserved2;
|
||||
u_int32_t sadb_x_sa2_reserved3;
|
||||
u_int32_t sadb_x_sa2_reqid;
|
||||
};
|
||||
|
||||
/* XXX Policy Extension */
|
||||
/* sizeof(struct sadb_x_policy) == 8 */
|
||||
/* sizeof(struct sadb_x_policy) == 16 */
|
||||
struct sadb_x_policy {
|
||||
u_int16_t sadb_x_policy_len;
|
||||
u_int16_t sadb_x_policy_exttype;
|
||||
u_int16_t sadb_x_policy_type; /* See policy type of ipsec.h */
|
||||
u_int8_t sadb_x_policy_dir; /* direction, see ipsec.h */
|
||||
u_int8_t sadb_x_policy_reserved;
|
||||
u_int32_t sadb_x_policy_id;
|
||||
u_int32_t sadb_x_policy_reserved2;
|
||||
};
|
||||
/*
|
||||
* When policy_type == IPSEC, it is followed by some of
|
||||
@ -271,7 +285,8 @@ struct sadb_x_ipsecrequest {
|
||||
#define SADB_EXT_SPIRANGE 16
|
||||
#define SADB_X_EXT_KMPRIVATE 17
|
||||
#define SADB_X_EXT_POLICY 18
|
||||
#define SADB_EXT_MAX 18
|
||||
#define SADB_X_EXT_SA2 19
|
||||
#define SADB_EXT_MAX 19
|
||||
|
||||
#define SADB_SATYPE_UNSPEC 0
|
||||
#define SADB_SATYPE_AH 2
|
||||
@ -281,7 +296,8 @@ struct sadb_x_ipsecrequest {
|
||||
#define SADB_SATYPE_RIPV2 7
|
||||
#define SADB_SATYPE_MIP 8
|
||||
#define SADB_X_SATYPE_IPCOMP 9
|
||||
#define SADB_SATYPE_MAX 9
|
||||
#define SADB_X_SATYPE_POLICY 10
|
||||
#define SADB_SATYPE_MAX 11
|
||||
|
||||
#define SADB_SASTATE_LARVAL 0
|
||||
#define SADB_SASTATE_MATURE 1
|
||||
@ -370,57 +386,9 @@ struct sadb_x_ipsecrequest {
|
||||
#define PFKEY_ADDR_SADDR(ext) \
|
||||
((struct sockaddr *)((caddr_t)(ext) + sizeof(struct sadb_address)))
|
||||
|
||||
#if 1
|
||||
/* in 64bits */
|
||||
#define PFKEY_UNUNIT64(a) ((a) << 3)
|
||||
#define PFKEY_UNIT64(a) ((a) >> 3)
|
||||
#else
|
||||
#define PFKEY_UNUNIT64(a) (a)
|
||||
#define PFKEY_UNIT64(a) (a)
|
||||
#endif
|
||||
|
||||
#ifndef _KERNEL
|
||||
extern void pfkey_sadump __P((struct sadb_msg *));
|
||||
extern void pfkey_spdump __P((struct sadb_msg *));
|
||||
|
||||
struct sockaddr;
|
||||
int ipsec_check_keylen __P((u_int, u_int, u_int));
|
||||
u_int pfkey_set_softrate __P((u_int, u_int));
|
||||
u_int pfkey_get_softrate __P((u_int));
|
||||
int pfkey_send_getspi __P((int, u_int, u_int, struct sockaddr *,
|
||||
struct sockaddr *, u_int32_t, u_int32_t, u_int32_t, u_int32_t));
|
||||
int pfkey_send_update __P((int, u_int, u_int, struct sockaddr *,
|
||||
struct sockaddr *, u_int32_t, u_int32_t, u_int,
|
||||
caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
|
||||
u_int64_t, u_int64_t, u_int32_t));
|
||||
int pfkey_send_add __P((int, u_int, u_int, struct sockaddr *,
|
||||
struct sockaddr *, u_int32_t, u_int32_t, u_int,
|
||||
caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t,
|
||||
u_int64_t, u_int64_t, u_int32_t));
|
||||
int pfkey_send_delete __P((int, u_int, u_int,
|
||||
struct sockaddr *, struct sockaddr *, u_int32_t));
|
||||
int pfkey_send_get __P((int, u_int, u_int,
|
||||
struct sockaddr *, struct sockaddr *, u_int32_t));
|
||||
int pfkey_send_register __P((int, u_int));
|
||||
int pfkey_recv_register __P((int));
|
||||
int pfkey_send_flush __P((int, u_int));
|
||||
int pfkey_send_dump __P((int, u_int));
|
||||
int pfkey_send_promisc_toggle __P((int, int));
|
||||
int pfkey_send_spdadd __P((int, struct sockaddr *, u_int,
|
||||
struct sockaddr *, u_int, u_int, caddr_t, int, u_int32_t));
|
||||
int pfkey_send_spddelete __P((int, struct sockaddr *, u_int,
|
||||
struct sockaddr *, u_int, u_int, u_int32_t));
|
||||
int pfkey_send_spdflush __P((int));
|
||||
int pfkey_send_spddump __P((int));
|
||||
|
||||
int pfkey_open __P((void));
|
||||
void pfkey_close __P((int));
|
||||
struct sadb_msg *pfkey_recv __P((int));
|
||||
int pfkey_send __P((int, struct sadb_msg *, int));
|
||||
int pfkey_align __P((struct sadb_msg *, caddr_t *));
|
||||
int pfkey_check __P((caddr_t *));
|
||||
|
||||
#endif /*!_KERNEL*/
|
||||
|
||||
#endif /* __PFKEY_V2_H */
|
||||
|
||||
|
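Review bot: `#define SADB_SATYPE_MAX 11` no longer equals the largest defined type: the highest value in the hunk is `#define SADB_X_SATYPE_POLICY 10`, whereas before the change SADB_SATYPE_MAX 9 matched SADB_X_SATYPE_IPCOMP 9. Unless a type 11 is defined elsewhere, any bounds check or table sized from SADB_SATYPE_MAX now admits one undefined value; `#define SADB_SATYPE_MAX 10` restores the invariant. The new struct sadb_x_sa2 sums to 16 bytes, which is what PFKEY_UNIT64's 8-byte unit requires, and a `/* sizeof(struct sadb_x_sa2) == 16 */` comment like the one kept on sadb_x_policy would make that layout constraint visible to anyone adding a field.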
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: ipsec.c,v 1.21 2000/06/03 16:14:02 itojun Exp $ */
|
||||
/* $NetBSD: ipsec.c,v 1.22 2000/06/12 10:40:46 itojun Exp $ */
|
||||
/* $KAME: ipsec.c,v 1.65 2000/06/03 15:51:28 itojun Exp $ */
|
||||
|
||||
/*
|
||||
@ -1891,7 +1891,7 @@ ipsec4_encapsulate(m, sav)
|
||||
}
|
||||
#if 0
|
||||
/* XXX if the dst is myself, perform nothing. */
|
||||
if (key_ismyaddr(AF_INET, _INADDRBYSA(&sav->sah->saidx.dst))) {
|
||||
if (key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst)) {
|
||||
m_freem(m);
|
||||
return EINVAL;
|
||||
}
|
||||
@ -2008,7 +2008,7 @@ ipsec6_encapsulate(m, sav)
|
||||
}
|
||||
#if 0
|
||||
/* XXX if the dst is myself, perform nothing. */
|
||||
if (key_ismyaddr(AF_INET6, _INADDRBYSA(&sav->sah->saidx.dst))) {
|
||||
if (key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst)) {
|
||||
m_freem(m);
|
||||
return EINVAL;
|
||||
}
|
||||
|
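Review bot: The reworked `if (key_ismyaddr((struct sockaddr *)&sav->sah->saidx.dst)) {` call sits under `#if 0` in both hunks (ipsec4_encapsulate and ipsec6_encapsulate), so the compiler never checks it against the new key_ismyaddr(struct sockaddr *) prototype and it will silently drift again on the next signature change. Either delete the dead block or gate it on a named option macro so it is at least compiled in some configuration. Both enclosing functions start and end outside the hunks.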
4615
sys/netkey/key.c
@ -1,9 +1,10 @@
|
||||
/* $NetBSD: key.h,v 1.5 2000/01/31 14:19:12 itojun Exp $ */
|
||||
/* $NetBSD: key.h,v 1.6 2000/06/12 10:40:47 itojun Exp $ */
|
||||
/* $KAME: key.h,v 1.17 2000/06/12 07:01:13 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -15,7 +16,7 @@
|
||||
* 3. Neither the name of the project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
@ -29,8 +30,6 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* KAME Id: key.h,v 1.8 2000/01/29 06:21:01 itojun Exp */
|
||||
|
||||
#ifndef _NETKEY_KEY_H_
|
||||
#define _NETKEY_KEY_H_
|
||||
|
||||
@ -47,38 +46,30 @@ struct socket;
|
||||
struct sadb_msg;
|
||||
struct sadb_x_policy;
|
||||
|
||||
extern struct secpolicy *key_allocsp __P((struct secpolicyindex *spidx,
|
||||
u_int dir));
|
||||
extern struct secpolicy *key_allocsp __P((struct secpolicyindex *, u_int));
|
||||
extern int key_checkrequest
|
||||
__P((struct ipsecrequest *isr, struct secasindex *saidx));
|
||||
extern struct secasvar *key_allocsa __P((u_int family, caddr_t src, caddr_t dst,
|
||||
u_int proto, u_int32_t spi));
|
||||
extern void key_freesp __P((struct secpolicy *sp));
|
||||
extern void key_freeso __P((struct socket *so));
|
||||
extern void key_freesav __P((struct secasvar *sav));
|
||||
__P((struct ipsecrequest *isr, struct secasindex *));
|
||||
extern struct secasvar *key_allocsa __P((u_int, caddr_t, caddr_t,
|
||||
u_int, u_int32_t));
|
||||
extern void key_freesp __P((struct secpolicy *));
|
||||
extern void key_freeso __P((struct socket *));
|
||||
extern void key_freesav __P((struct secasvar *));
|
||||
extern struct secpolicy *key_newsp __P((void));
|
||||
extern struct secpolicy *key_msg2sp __P((struct sadb_x_policy *xpl0,
|
||||
size_t len, int *error));
|
||||
extern struct mbuf *key_sp2msg __P((struct secpolicy *sp));
|
||||
extern int key_ismyaddr __P((u_int family, caddr_t addr));
|
||||
extern struct secpolicy *key_msg2sp __P((struct sadb_x_policy *,
|
||||
size_t, int *));
|
||||
extern struct mbuf *key_sp2msg __P((struct secpolicy *));
|
||||
extern int key_ismyaddr __P((struct sockaddr *));
|
||||
extern int key_spdacquire __P((struct secpolicy *));
|
||||
extern void key_timehandler __P((void));
|
||||
extern void key_srandom __P((void));
|
||||
extern void key_freereg __P((struct socket *so));
|
||||
extern int key_parse __P((struct sadb_msg **msgp, struct socket *so,
|
||||
int *targetp));
|
||||
extern void key_freereg __P((struct socket *));
|
||||
extern int key_parse __P((struct mbuf *, struct socket *));
|
||||
extern void key_init __P((void));
|
||||
extern int key_checktunnelsanity __P((struct secasvar *sav, u_int family,
|
||||
caddr_t src, caddr_t dst));
|
||||
extern void key_sa_recordxfer __P((struct secasvar *sav, struct mbuf *m));
|
||||
extern void key_sa_routechange __P((struct sockaddr *dst));
|
||||
extern int key_checktunnelsanity __P((struct secasvar *, u_int,
|
||||
caddr_t, caddr_t));
|
||||
extern void key_sa_recordxfer __P((struct secasvar *, struct mbuf *));
|
||||
extern void key_sa_routechange __P((struct sockaddr *));
|
||||
|
||||
#ifdef MALLOC_DECLARE
|
||||
MALLOC_DECLARE(M_SECA);
|
||||
#endif /* MALLOC_DECLARE */
|
||||
|
||||
#if defined(__bsdi__) || defined(__NetBSD__)
|
||||
extern int key_sysctl __P((int *, u_int, void *, size_t *, void *, size_t));
|
||||
#endif
|
||||
|
||||
#endif /* defined(_KERNEL) */
|
||||
#endif /* _NETKEY_KEY_H_ */
|
||||
|
@ -1,9 +1,10 @@
|
||||
/* $NetBSD: key_debug.c,v 1.9 2000/02/06 12:49:50 itojun Exp $ */
|
||||
/* $NetBSD: key_debug.c,v 1.10 2000/06/12 10:40:47 itojun Exp $ */
|
||||
/* $KAME: key_debug.c,v 1.20 2000/06/10 06:39:54 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -15,7 +16,7 @@
|
||||
* 3. Neither the name of the project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
@ -29,8 +30,6 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* KAME Id: key_debug.c,v 1.10 2000/01/29 06:21:01 itojun Exp */
|
||||
|
||||
#ifdef _KERNEL
|
||||
#include "opt_inet.h"
|
||||
#endif
|
||||
@ -66,6 +65,7 @@ static void kdebug_sadb_lifetime __P((struct sadb_ext *));
|
||||
static void kdebug_sadb_sa __P((struct sadb_ext *));
|
||||
static void kdebug_sadb_address __P((struct sadb_ext *));
|
||||
static void kdebug_sadb_key __P((struct sadb_ext *));
|
||||
static void kdebug_sadb_x_sa2 __P((struct sadb_ext *));
|
||||
|
||||
#ifdef _KERNEL
|
||||
static void kdebug_secreplay __P((struct secreplay *));
|
||||
@ -92,11 +92,9 @@ kdebug_sadb(base)
|
||||
printf("sadb_msg{ version=%u type=%u errno=%u satype=%u\n",
|
||||
base->sadb_msg_version, base->sadb_msg_type,
|
||||
base->sadb_msg_errno, base->sadb_msg_satype);
|
||||
printf(" len=%u mode=%u seq=%u pid=%u reqid=%u\n",
|
||||
base->sadb_msg_len, base->sadb_msg_mode,
|
||||
base->sadb_msg_seq, base->sadb_msg_pid, base->sadb_msg_reqid);
|
||||
printf(" reserved1=%u reserved2=%u\n",
|
||||
base->sadb_msg_reserved1, base->sadb_msg_reserved2);
|
||||
printf(" len=%u reserved=%u seq=%u pid=%u\n",
|
||||
base->sadb_msg_len, base->sadb_msg_reserved,
|
||||
base->sadb_msg_seq, base->sadb_msg_pid);
|
||||
|
||||
tlen = PFKEY_UNUNIT64(base->sadb_msg_len) - sizeof(struct sadb_msg);
|
||||
ext = (struct sadb_ext *)((caddr_t)base + sizeof(struct sadb_msg));
|
||||
@ -151,6 +149,9 @@ kdebug_sadb(base)
|
||||
case SADB_X_EXT_POLICY:
|
||||
kdebug_sadb_x_policy(ext);
|
||||
break;
|
||||
case SADB_X_EXT_SA2:
|
||||
kdebug_sadb_x_sa2(ext);
|
||||
break;
|
||||
default:
|
||||
printf("kdebug_sadb: invalid ext_type %u was passed.\n",
|
||||
ext->sadb_ext_type);
|
||||
@ -383,6 +384,25 @@ kdebug_sadb_key(ext)
|
||||
return;
|
||||
}
|
||||
|
||||
static void
|
||||
kdebug_sadb_x_sa2(ext)
|
||||
struct sadb_ext *ext;
|
||||
{
|
||||
struct sadb_x_sa2 *sa2 = (struct sadb_x_sa2 *)ext;
|
||||
|
||||
/* sanity check */
|
||||
if (ext == NULL)
|
||||
panic("kdebug_sadb_x_sa2: NULL pointer was passed.\n");
|
||||
|
||||
printf("sadb_x_sa2{ mode=%u reqid=%u\n",
|
||||
sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid);
|
||||
printf(" reserved1=%u reserved2=%u reserved3=%u }\n",
|
||||
sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved1,
|
||||
sa2->sadb_x_sa2_reserved1);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
void
|
||||
kdebug_sadb_x_policy(ext)
|
||||
struct sadb_ext *ext;
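Review bot: The second printf in kdebug_sadb_x_sa2 passes `sa2->sadb_x_sa2_reserved1` three times under the labels reserved1, reserved2 and reserved3, so the reserved2 and reserved3 columns of the dump never show their own values; the argument list should read `sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2, sa2->sadb_x_sa2_reserved3`. The rest of the function matches the sibling dumpers (cast first, then the NULL panic, which is safe because the cast does not dereference ext). Nothing here checks that sadb_ext_len covers a whole struct sadb_x_sa2; presumably the parser has validated it before any dump is requested, which is worth stating in a comment.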
|
||||
@ -394,9 +414,9 @@ kdebug_sadb_x_policy(ext)
|
||||
if (ext == NULL)
|
||||
panic("kdebug_sadb_x_policy: NULL pointer was passed.\n");
|
||||
|
||||
printf("sadb_x_policy{ type=%u dir=%u reserved=%x }\n",
|
||||
printf("sadb_x_policy{ type=%u dir=%u id=%x }\n",
|
||||
xpl->sadb_x_policy_type, xpl->sadb_x_policy_dir,
|
||||
xpl->sadb_x_policy_reserved);
|
||||
xpl->sadb_x_policy_id);
|
||||
|
||||
if (xpl->sadb_x_policy_type == IPSEC_POLICY_IPSEC) {
|
||||
int tlen;
|
||||
@ -600,7 +620,7 @@ kdebug_secreplay(rpl)
|
||||
return;
|
||||
}
|
||||
|
||||
printf("\n bitmap { ");
|
||||
printf("\n bitmap { ");
|
||||
|
||||
for (len = 0; len < rpl->wsize; len++) {
|
||||
for (l = 7; l >= 0; l--)
|
||||
@ -617,7 +637,7 @@ kdebug_mbufhdr(m)
|
||||
{
|
||||
/* sanity check */
|
||||
if (m == NULL)
|
||||
panic("debug_mbufhdr: NULL pointer was passed.\n");
|
||||
return;
|
||||
|
||||
printf("mbuf(%p){ m_next:%p m_nextpkt:%p m_data:%p "
|
||||
"m_len:%d m_type:0x%02x m_flags:0x%02x }\n",
|
||||
@ -661,23 +681,35 @@ void
|
||||
kdebug_sockaddr(addr)
|
||||
struct sockaddr *addr;
|
||||
{
|
||||
struct sockaddr_in *sin;
|
||||
#ifdef INET6
|
||||
struct sockaddr_in6 *sin6;
|
||||
#endif
|
||||
|
||||
/* sanity check */
|
||||
if (addr == NULL)
|
||||
panic("kdebug_sockaddr: NULL pointer was passed.\n");
|
||||
|
||||
/* NOTE: We deal with port number as host byte order. */
|
||||
printf("sockaddr{ len=%u family=%u port=%u\n",
|
||||
addr->sa_len, addr->sa_family, ntohs(_INPORTBYSA(addr)));
|
||||
printf("sockaddr{ len=%u family=%u", addr->sa_len, addr->sa_family);
|
||||
|
||||
switch (addr->sa_family) {
|
||||
case AF_INET:
|
||||
sin = (struct sockaddr_in *)addr;
|
||||
printf(" port=%u\n", ntohs(sin->sin_port));
|
||||
ipsec_hexdump((caddr_t)&sin->sin_addr, sizeof(sin->sin_addr));
|
||||
break;
|
||||
#ifdef INET6
|
||||
if (addr->sa_family == PF_INET6) {
|
||||
struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)addr;
|
||||
case AF_INET6:
|
||||
sin6 = (struct sockaddr_in6 *)addr;
|
||||
printf(" port=%u\n", ntohs(sin6->sin6_port));
|
||||
printf(" flowinfo=0x%08x, scope_id=0x%08x\n",
|
||||
in6->sin6_flowinfo, in6->sin6_scope_id);
|
||||
}
|
||||
sin6->sin6_flowinfo, sin6->sin6_scope_id);
|
||||
ipsec_hexdump((caddr_t)&sin6->sin6_addr,
|
||||
sizeof(sin6->sin6_addr));
|
||||
break;
|
||||
#endif
|
||||
|
||||
ipsec_hexdump(_INADDRBYSA(addr), _INALENBYAF(addr->sa_family));
|
||||
}
|
||||
|
||||
printf(" }\n");
|
||||
|
||||
|
@ -1,9 +1,10 @@
|
||||
/* $NetBSD: key_debug.h,v 1.5 2000/01/31 14:19:12 itojun Exp $ */
|
||||
/* $NetBSD: key_debug.h,v 1.6 2000/06/12 10:40:48 itojun Exp $ */
|
||||
/* $KAME: key_debug.h,v 1.6 2000/03/27 05:11:05 sumikawa Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -15,7 +16,7 @@
|
||||
* 3. Neither the name of the project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
@ -29,8 +30,6 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* KAME Id: key_debug.h,v 1.3 2000/01/29 06:21:02 itojun Exp */
|
||||
|
||||
#ifndef _NETKEY_KEY_DEBUG_H_
|
||||
#define _NETKEY_KEY_DEBUG_H_
|
||||
|
||||
|
@ -1,9 +1,10 @@
|
||||
/* $NetBSD: key_var.h,v 1.7 2000/01/31 14:19:12 itojun Exp $ */
|
||||
/* $NetBSD: key_var.h,v 1.8 2000/06/12 10:40:48 itojun Exp $ */
|
||||
/* $KAME: key_var.h,v 1.8 2000/05/24 17:28:23 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -15,7 +16,7 @@
|
||||
* 3. Neither the name of the project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
@ -87,47 +88,11 @@
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef _KERNEL
|
||||
#define _ARRAYLEN(p) (sizeof(p)/sizeof(p[0]))
|
||||
#define _KEYLEN(key) ((u_int)((key)->sadb_key_bits >> 3))
|
||||
#define _KEYBITS(key) ((u_int)((key)->sadb_key_bits))
|
||||
#define _KEYBUF(key) ((caddr_t)((caddr_t)(key) + sizeof(struct sadb_key)))
|
||||
|
||||
#define _INADDR(in) ((struct sockaddr_in *)(in))
|
||||
|
||||
#ifdef INET6
|
||||
#define _IN6ADDR(in6) ((struct sockaddr_in6 *)(in6))
|
||||
#define _SALENBYAF(family) \
|
||||
(((family) == AF_INET) ? \
|
||||
(u_int)sizeof(struct sockaddr_in) : \
|
||||
(u_int)sizeof(struct sockaddr_in6))
|
||||
#define _INALENBYAF(family) \
|
||||
(((family) == AF_INET) ? \
|
||||
(u_int)sizeof(struct in_addr) : \
|
||||
(u_int)sizeof(struct in6_addr))
|
||||
#define _INADDRBYSA(saddr) \
|
||||
((((struct sockaddr *)(saddr))->sa_family == AF_INET) ? \
|
||||
(caddr_t)&((struct sockaddr_in *)(saddr))->sin_addr : \
|
||||
(caddr_t)&((struct sockaddr_in6 *)(saddr))->sin6_addr)
|
||||
#define _INPORTBYSA(saddr) \
|
||||
((((struct sockaddr *)(saddr))->sa_family == AF_INET) ? \
|
||||
((struct sockaddr_in *)(saddr))->sin_port : \
|
||||
((struct sockaddr_in6 *)(saddr))->sin6_port)
|
||||
#if 0
|
||||
#define _SADDRBYSA(saddr) \
|
||||
((((struct sockaddr *)(saddr))->sa_family == AF_INET) ? \
|
||||
(caddr_t)&((struct sockaddr_in *)(saddr))->sin_addr.s_addr : \
|
||||
(caddr_t)&((struct sockaddr_in6 *)(saddr))->sin6_addr.s6_addr)
|
||||
#endif
|
||||
#else
|
||||
#define _IN6ADDR(in6) "#error"
|
||||
#define _SALENBYAF(family) sizeof(struct sockaddr_in)
|
||||
#define _INALENBYAF(family) sizeof(struct in_addr)
|
||||
#define _INADDRBYSA(saddr) ((caddr_t)&((struct sockaddr_in *)(saddr))->sin_addr)
|
||||
#define _INPORTBYSA(saddr) (((struct sockaddr_in *)(saddr))->sin_port)
|
||||
#if 0
|
||||
#define _SADDRBYSA(saddr) \
|
||||
((caddr_t)&((struct sockaddr_in *)(saddr))->sin_addr.s_addr)
|
||||
#endif
|
||||
#endif /* defined(INET6) */
|
||||
#endif /*_KERNEL*/
|
||||
|
||||
#endif /* _NETKEY_KEY_VAR_H_ */
|
||||
|
@ -1,9 +1,10 @@
|
||||
/* $NetBSD: keydb.c,v 1.2 2000/02/06 12:49:50 itojun Exp $ */
|
||||
/* $NetBSD: keydb.c,v 1.3 2000/06/12 10:40:48 itojun Exp $ */
|
||||
/* $KAME: keydb.c,v 1.64 2000/05/11 17:02:30 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -15,7 +16,7 @@
|
||||
* 3. Neither the name of the project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
@ -29,8 +30,6 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* KAME Id: keydb.c,v 1.58 2000/01/17 14:11:16 itojun Exp */
|
||||
|
||||
#include "opt_inet.h"
|
||||
#include "opt_ipsec.h"
|
||||
|
||||
@ -138,9 +137,14 @@ keydb_freesecasvar(p)
|
||||
{
|
||||
int s;
|
||||
|
||||
#ifdef __NetBSD__
|
||||
s = splsoftnet();
|
||||
#else
|
||||
s = splnet();
|
||||
#endif
|
||||
p->refcnt--;
|
||||
if (p->refcnt == 0)
|
||||
/* negative refcnt will cause panic intentionally */
|
||||
if (p->refcnt <= 0)
|
||||
keydb_delsecasvar(p);
|
||||
splx(s);
|
||||
}
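Review bot: The comment added in keydb_freesecasvar says a negative refcnt "will cause panic intentionally", but nothing in this hunk panics: once `p->refcnt--` takes the count below zero, the `<= 0` test just calls keydb_delsecasvar(p) on an entry that was already released by the drop that reached zero, which is a use-after-free unless keydb_delsecasvar itself detects the negative count (not visible here). Making the intent explicit, e.g. `if (p->refcnt < 0) panic("keydb_freesecasvar: negative refcnt");` ahead of the `<= 0` branch, turns an over-release into the diagnosable crash the comment promises instead of depending on the callee. keydb_freesecasvar's signature is outside the hunk.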
|
||||
|
@ -1,9 +1,10 @@
|
||||
/* $NetBSD: keydb.h,v 1.4 2000/01/31 14:19:13 itojun Exp $ */
|
||||
/* $NetBSD: keydb.h,v 1.5 2000/06/12 10:40:48 itojun Exp $ */
|
||||
/* $KAME: keydb.h,v 1.10 2000/03/25 07:24:13 sumikawa Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -15,7 +16,7 @@
|
||||
* 3. Neither the name of the project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
@ -112,7 +113,7 @@ struct secreplay {
|
||||
int overflow; /* overflow flag */
|
||||
};
|
||||
|
||||
/* socket table due to send PF_KEY messages. */
|
||||
/* socket table due to send PF_KEY messages. */
|
||||
struct secreg {
|
||||
LIST_ENTRY(secreg) chain;
|
||||
|
||||
@ -120,7 +121,7 @@ struct secreg {
|
||||
};
|
||||
|
||||
#ifndef IPSEC_NONBLOCK_ACQUIRE
|
||||
/* acquiring list table. */
|
||||
/* acquiring list table. */
|
||||
struct secacq {
|
||||
LIST_ENTRY(secacq) chain;
|
||||
|
||||
|
@ -1,9 +1,10 @@
|
||||
/* $NetBSD: keysock.c,v 1.9 2000/03/30 13:03:58 augustss Exp $ */
|
||||
/* $NetBSD: keysock.c,v 1.10 2000/06/12 10:40:48 itojun Exp $ */
|
||||
/* $KAME: keysock.c,v 1.22 2000/05/23 13:19:21 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -15,7 +16,7 @@
|
||||
* 3. Neither the name of the project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
@ -29,8 +30,6 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* KAME Id: keysock.c,v 1.10 2000/01/29 06:21:02 itojun Exp */
|
||||
|
||||
#include "opt_inet.h"
|
||||
|
||||
/* This code has derived from sys/net/rtsock.c on FreeBSD2.2.5 */
|
||||
@ -61,7 +60,6 @@
|
||||
|
||||
struct sockaddr key_dst = { 2, PF_KEY, };
|
||||
struct sockaddr key_src = { 2, PF_KEY, };
|
||||
struct sockproto key_proto = { PF_KEY, PF_KEY_V2 };
|
||||
|
||||
static int key_sendup0 __P((struct rawcb *, struct mbuf *, int));
|
||||
|
||||
@ -71,18 +69,30 @@ struct pfkeystat pfkeystat;
|
||||
* key_usrreq()
|
||||
* derived from net/rtsock.c:route_usrreq()
|
||||
*/
|
||||
#ifndef __NetBSD__
|
||||
int
|
||||
key_usrreq(so, req, m, nam, control)
|
||||
register struct socket *so;
|
||||
int req;
|
||||
struct mbuf *m, *nam, *control;
|
||||
#else
|
||||
int
|
||||
key_usrreq(so, req, m, nam, control, p)
|
||||
struct socket *so;
|
||||
register struct socket *so;
|
||||
int req;
|
||||
struct mbuf *m, *nam, *control;
|
||||
struct proc *p;
|
||||
#endif /*__NetBSD__*/
|
||||
{
|
||||
int error = 0;
|
||||
struct keycb *kp = (struct keycb *)sotorawcb(so);
|
||||
register int error = 0;
|
||||
register struct keycb *kp = (struct keycb *)sotorawcb(so);
|
||||
int s;
|
||||
|
||||
#ifdef __NetBSD__
|
||||
s = splsoftnet();
|
||||
#else
|
||||
s = splnet();
|
||||
#endif
|
||||
if (req == PRU_ATTACH) {
|
||||
kp = (struct keycb *)malloc(sizeof(*kp), M_PCB, M_WAITOK);
|
||||
so->so_pcb = (caddr_t)kp;
|
||||
@ -140,10 +150,9 @@ key_output(m, va_alist)
|
||||
va_dcl
|
||||
#endif
|
||||
{
|
||||
struct sadb_msg *msg = NULL;
|
||||
struct sadb_msg *msg;
|
||||
int len, error = 0;
|
||||
int s;
|
||||
int target;
|
||||
struct socket *so;
|
||||
va_list ap;
|
||||
|
||||
@ -183,7 +192,7 @@ key_output(m, va_alist)
|
||||
|
||||
#ifdef IPSEC_DEBUG
|
||||
KEYDEBUG(KEYDEBUG_KEY_DUMP, kdebug_mbuf(m));
|
||||
#endif /* defined(IPSEC_DEBUG) */
|
||||
#endif
|
||||
|
||||
msg = mtod(m, struct sadb_msg *);
|
||||
pfkeystat.out_msgtype[msg->sadb_msg_type]++;
|
||||
@ -196,39 +205,19 @@ key_output(m, va_alist)
|
||||
goto end;
|
||||
}
|
||||
|
||||
/*
|
||||
* allocate memory for sadb_msg, and copy to sadb_msg from mbuf
|
||||
* XXX: To be processed directly without a copy.
|
||||
*/
|
||||
msg = (struct sadb_msg *)malloc(len, M_SECA, M_NOWAIT);
|
||||
if (msg == NULL) {
|
||||
#ifdef IPSEC_DEBUG
|
||||
printf("key_output: No more memory.\n");
|
||||
#endif
|
||||
error = ENOBUFS;
|
||||
pfkeystat.out_nomem++;
|
||||
goto end;
|
||||
/* or do panic ? */
|
||||
}
|
||||
m_copydata(m, 0, len, (caddr_t)msg);
|
||||
|
||||
/*XXX giant lock*/
|
||||
#ifdef __NetBSD__
|
||||
s = splsoftnet();
|
||||
if ((len = key_parse(&msg, so, &target)) == 0) {
|
||||
/* discard. i.e. no need to reply. */
|
||||
/* msg has been freed at key_parse() */
|
||||
error = 0;
|
||||
splx(s);
|
||||
goto end;
|
||||
}
|
||||
|
||||
/* send up message to the socket */
|
||||
error = key_sendup(so, msg, len, target);
|
||||
#else
|
||||
s = splnet();
|
||||
#endif
|
||||
error = key_parse(m, so);
|
||||
m = NULL;
|
||||
splx(s);
|
||||
free(msg, M_SECA);
|
||||
end:
|
||||
m_freem(m);
|
||||
return (error);
|
||||
if (m)
|
||||
m_freem(m);
|
||||
return error;
|
||||
}
|
||||
|
||||
/*
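Review bot: After `error = key_parse(m, so);` the mbuf is owned by key_parse and `m = NULL` is set, so the `if (m) m_freem(m);` at `end:` only ever frees on the early-exit paths above; that ownership transfer is not stated anywhere in the hunk and deserves a comment at the call, e.g. `/* key_parse() consumes m on every path, including errors */`. The `if (m)` guard is also redundant, since m_freem() already tolerates a NULL chain, so `m_freem(m);` alone reads the same. key_output's header and the early exits are outside the hunk.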
|
||||
@ -250,7 +239,7 @@ key_sendup0(rp, m, promisc)
|
||||
#ifdef IPSEC_DEBUG
|
||||
printf("key_sendup0: cannot pullup\n");
|
||||
#endif
|
||||
pfkeystat.in_nomem++;
|
||||
pfkeystat.in_nomem++;
|
||||
m_freem(m);
|
||||
return ENOBUFS;
|
||||
}
|
||||
@ -309,7 +298,7 @@ key_sendup(so, msg, len, target)
|
||||
/*
|
||||
* Get mbuf chain whenever possible (not clusters),
|
||||
* to save socket buffer. We'll be generating many SADB_ACQUIRE
|
||||
* messages to listening key sockets. If we simmply allocate clusters,
|
||||
* messages to listening key sockets. If we simply allocate clusters,
|
||||
* sbappendaddr() will raise ENOBUFS due to too little sbspace().
|
||||
* sbspace() computes # of actual data bytes AND mbuf region.
|
||||
*
|
||||
@ -364,6 +353,7 @@ key_sendup(so, msg, len, target)
|
||||
return key_sendup_mbuf(so, m, target);
|
||||
}
|
||||
|
||||
/* so can be NULL if target != KEY_SENDUP_ONE */
|
||||
int
|
||||
key_sendup_mbuf(so, m, target)
|
||||
struct socket *so;
|
||||
@ -374,9 +364,11 @@ key_sendup_mbuf(so, m, target)
|
||||
struct keycb *kp;
|
||||
int sendup;
|
||||
struct rawcb *rp;
|
||||
int error;
|
||||
int error = 0;
|
||||
|
||||
if (so == NULL || m == NULL)
|
||||
if (m == NULL)
|
||||
panic("key_sendup_mbuf: NULL pointer was passed.\n");
|
||||
if (so == NULL && target == KEY_SENDUP_ONE)
|
||||
panic("key_sendup_mbuf: NULL pointer was passed.\n");
|
||||
|
||||
pfkeystat.in_total++;
|
||||
@ -422,14 +414,14 @@ key_sendup_mbuf(so, m, target)
|
||||
}
|
||||
|
||||
/* the exact target will be processed later */
|
||||
if (sotorawcb(so) == rp)
|
||||
if (so && sotorawcb(so) == rp)
|
||||
continue;
|
||||
|
||||
sendup = 0;
|
||||
switch (target) {
|
||||
case KEY_SENDUP_ONE:
|
||||
/* the statement has no effect */
|
||||
if (sotorawcb(so) == rp)
|
||||
if (so && sotorawcb(so) == rp)
|
||||
sendup++;
|
||||
break;
|
||||
case KEY_SENDUP_ALL:
|
||||
@ -462,8 +454,13 @@ key_sendup_mbuf(so, m, target)
|
||||
n = NULL;
|
||||
}
|
||||
|
||||
error = key_sendup0(sotorawcb(so), m, 0);
|
||||
m = NULL;
|
||||
if (so) {
|
||||
error = key_sendup0(sotorawcb(so), m, 0);
|
||||
m = NULL;
|
||||
} else {
|
||||
error = 0;
|
||||
m_freem(m);
|
||||
}
|
||||
return error;
|
||||
}
|
||||
|
||||
|
@ -1,9 +1,10 @@
|
||||
/* $NetBSD: keysock.h,v 1.5 2000/01/31 14:19:13 itojun Exp $ */
|
||||
/* $NetBSD: keysock.h,v 1.6 2000/06/12 10:40:48 itojun Exp $ */
|
||||
/* $KAME: keysock.h,v 1.8 2000/03/27 05:11:06 sumikawa Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -15,7 +16,7 @@
|
||||
* 3. Neither the name of the project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
@ -29,8 +30,6 @@
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* KAME Id: keysock.h,v 1.5 2000/01/29 06:21:03 itojun Exp */
|
||||
|
||||
#ifndef _NETKEY_KEYSOCK_H_
|
||||
#define _NETKEY_KEYSOCK_H_
|
||||
|
||||
|
@ -1,9 +1,10 @@
|
||||
# $NetBSD: Makefile,v 1.5 2000/03/13 21:04:07 itojun Exp $
|
||||
# $NetBSD: Makefile,v 1.6 2000/06/12 10:40:50 itojun Exp $
|
||||
|
||||
PROG= setkey
|
||||
SRCS= setkey.c parse.y token.l
|
||||
|
||||
CFLAGS+=-g
|
||||
CPPFLAGS+=-I${.CURDIR}/../../lib/libipsec
|
||||
LDADD+= -ll -ly
|
||||
DPADD+= ${LIBL} ${LIBY}
|
||||
CLEANFILES+= y.tab.c y.tab.h key_test.o keytest
|
||||
|
@ -1,9 +1,10 @@
|
||||
/* $NetBSD: parse.y,v 1.5 2000/03/06 22:19:27 itojun Exp $ */
|
||||
/* $NetBSD: parse.y,v 1.6 2000/06/12 10:40:50 itojun Exp $ */
|
||||
/* $KAME: parse.y,v 1.29 2000/06/10 14:17:44 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -15,7 +16,7 @@
|
||||
* 3. Neither the name of the project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
@ -28,7 +29,6 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
/* KAME Id: parse.y,v 1.14 1999/12/30 15:13:27 sakane Exp */
|
||||
|
||||
%{
|
||||
#include <sys/types.h>
|
||||
@ -45,9 +45,11 @@
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include <netdb.h>
|
||||
#include <ctype.h>
|
||||
#include <errno.h>
|
||||
|
||||
#include "libpfkey.h"
|
||||
#include "vchar.h"
|
||||
|
||||
#define ATOX(c) \
|
||||
@ -78,6 +80,7 @@ extern char cmdarg[8192];
|
||||
extern int f_debug;
|
||||
|
||||
int setkeymsg __P((void));
|
||||
static struct addrinfo *parse_addr __P((char *, char *, int));
|
||||
static int setvarbuf __P((int *, struct sadb_ext *, int, caddr_t, int));
|
||||
void parse_init __P((void));
|
||||
void free_buffer __P((void));
|
||||
@ -86,7 +89,8 @@ extern int setkeymsg __P((void));
|
||||
extern int sendkeymsg __P((void));
|
||||
|
||||
extern int yylex __P((void));
|
||||
extern void yyerror __P((char *));
|
||||
extern void yyfatal __P((const char *));
|
||||
extern void yyerror __P((const char *));
|
||||
%}
|
||||
|
||||
%union {
|
||||
@ -96,7 +100,7 @@ extern void yyerror __P((char *));
|
||||
|
||||
%token EOT
|
||||
%token ADD GET DELETE FLUSH DUMP
|
||||
%token IP4_ADDRESS IP6_ADDRESS PREFIX PORT PORTANY
|
||||
%token ADDRESS PREFIX PORT PORTANY
|
||||
%token UP_PROTO PR_ESP PR_AH PR_IPCOMP
|
||||
%token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI
|
||||
%token F_MODE MODE F_REQID
|
||||
@ -112,7 +116,7 @@ extern void yyerror __P((char *));
|
||||
%type <num> UP_PROTO PR_ESP PR_AH PR_IPCOMP
|
||||
%type <num> ALG_AUTH ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_COMP
|
||||
%type <num> DECSTRING
|
||||
%type <val> IP4_ADDRESS IP6_ADDRESS PL_REQUESTS
|
||||
%type <val> ADDRESS PL_REQUESTS
|
||||
%type <val> key_string policy_requests
|
||||
%type <val> QUOTEDSTRING HEXSTRING
|
||||
|
||||
@ -154,13 +158,23 @@ add_command
|
||||
/* delete */
|
||||
delete_command
|
||||
: DELETE { p_type = SADB_DELETE; }
|
||||
sa_selector_spec extension_spec EOT
|
||||
sa_selector_spec extension_spec
|
||||
{
|
||||
if (p_mode != IPSEC_MODE_ANY)
|
||||
yyerror("WARNING: mode is obsoleted.");
|
||||
}
|
||||
EOT
|
||||
;
|
||||
|
||||
/* get command */
|
||||
get_command
|
||||
: GET { p_type = SADB_GET; }
|
||||
sa_selector_spec extension_spec EOT
|
||||
sa_selector_spec extension_spec
|
||||
{
|
||||
if (p_mode != IPSEC_MODE_ANY)
|
||||
yyerror("WARNING: mode is obsoleted.");
|
||||
}
|
||||
EOT
|
||||
;
|
||||
|
||||
/* flush */
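Review bot: The mid-rule actions added to delete_command and get_command are identical and report the now-ignored `-m mode` through yyerror(), which presumably doubles as the bison error reporter; if yyerror() sets an error state or prefixes the text as a syntax error, the "WARNING" becomes indistinguishable from a real failure, so this is worth confirming or routing through a separate warning function. The duplicated action could be a shared nonterminal such as `mode_warn` placed before EOT in both rules, so the check lives in one place.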
|
||||
@ -345,7 +359,7 @@ key_string
|
||||
|
||||
if ((pp_key = malloc($1.len)) == 0) {
|
||||
free($1.buf);
|
||||
yyerror(strerror(errno));
|
||||
yyerror("not enough core");
|
||||
return -1;
|
||||
}
|
||||
memset(pp_key, 0, $1.len);
|
||||
@ -367,7 +381,7 @@ extension_spec
|
||||
|
||||
extension
|
||||
: F_EXT EXTENSION { p_ext |= $2; }
|
||||
| F_EXT NOCYCLICSEQ { p_ext ^= SADB_X_EXT_CYCSEQ; }
|
||||
| F_EXT NOCYCLICSEQ { p_ext &= ~SADB_X_EXT_CYCSEQ; }
|
||||
| F_MODE MODE { p_mode = $2; }
|
||||
| F_MODE ANY { p_mode = IPSEC_MODE_ANY; }
|
||||
| F_REQID DECSTRING { p_reqid = $2; }
|
||||
@ -401,7 +415,7 @@ spddelete_command:
|
||||
p_type = SADB_X_SPDDELETE;
|
||||
p_satype = SADB_SATYPE_UNSPEC;
|
||||
}
|
||||
sp_selector_spec EOT
|
||||
sp_selector_spec policy_spec EOT
|
||||
;
|
||||
|
||||
spddump_command:
|
||||
@ -426,12 +440,46 @@ spdflush_command:
|
||||
sp_selector_spec
|
||||
: ipaddress { p_src = pp_addr; }
|
||||
prefix { p_prefs = pp_prefix; }
|
||||
port { _INPORTBYSA(p_src) = htons(pp_port); }
|
||||
port
|
||||
{
|
||||
switch (p_src->sa_family) {
|
||||
case AF_INET:
|
||||
((struct sockaddr_in *)p_src)->sin_port =
|
||||
htons(pp_port);
|
||||
break;
|
||||
#ifdef INET6
|
||||
case AF_INET6:
|
||||
((struct sockaddr_in6 *)p_src)->sin6_port =
|
||||
htons(pp_port);
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
exit(1); /*XXX*/
|
||||
}
|
||||
}
|
||||
ipaddress { p_dst = pp_addr; }
|
||||
prefix { p_prefd = pp_prefix; }
|
||||
port { _INPORTBYSA(p_dst) = htons(pp_port); }
|
||||
port
|
||||
{
|
||||
switch (p_dst->sa_family) {
|
||||
case AF_INET:
|
||||
((struct sockaddr_in *)p_dst)->sin_port =
|
||||
htons(pp_port);
|
||||
break;
|
||||
#ifdef INET6
|
||||
case AF_INET6:
|
||||
((struct sockaddr_in6 *)p_dst)->sin6_port =
|
||||
htons(pp_port);
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
exit(1); /*XXX*/
|
||||
}
|
||||
}
|
||||
upper_spec
|
||||
{
|
||||
/* XXX is it something userland should check? */
|
||||
#if 0
|
||||
switch (p_upper) {
|
||||
case IPPROTO_ICMP:
|
||||
case IPPROTO_ICMPV6:
|
||||
@ -440,57 +488,41 @@ sp_selector_spec
|
||||
yyerror("port number must be \"any\".");
|
||||
return -1;
|
||||
}
|
||||
if ((pp_addr->sa_family == AF_INET6
|
||||
&& p_upper == IPPROTO_ICMP)
|
||||
|| (pp_addr->sa_family == AF_INET
|
||||
&& p_upper == IPPROTO_ICMPV6)) {
|
||||
yyerror("upper layer protocol "
|
||||
"mismatched.\n");
|
||||
return -1;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
#endif
|
||||
}
|
||||
;
|
||||
|
||||
ipaddress
|
||||
: IP4_ADDRESS
|
||||
: ADDRESS
|
||||
{
|
||||
struct sockaddr_in *in;
|
||||
u_int sa_len = $1.len;
|
||||
struct addrinfo *res;
|
||||
|
||||
if ((in = (struct sockaddr_in *)malloc(sa_len)) == 0) {
|
||||
yyerror(strerror(errno));
|
||||
res = parse_addr($1.buf, NULL, AI_NUMERICHOST);
|
||||
if (res == NULL) {
|
||||
free($1.buf);
|
||||
return -1;
|
||||
}
|
||||
memset((caddr_t)in, 0, sa_len);
|
||||
|
||||
in->sin_family = PF_INET;
|
||||
in->sin_len = sa_len;
|
||||
in->sin_port = IPSEC_PORT_ANY;
|
||||
(void)inet_pton(PF_INET, $1.buf, &in->sin_addr);
|
||||
|
||||
pp_addr = (struct sockaddr *)in;
|
||||
free($1.buf);
|
||||
}
|
||||
| IP6_ADDRESS
|
||||
{
|
||||
#ifdef INET6
|
||||
struct sockaddr_in6 *in6;
|
||||
u_int sa_len = $1.len;
|
||||
|
||||
if ((in6 = (struct sockaddr_in6 *)malloc(sa_len)) == 0) {
|
||||
free($1.buf);
|
||||
yyerror(strerror(errno));
|
||||
return -1;
|
||||
pp_addr = (struct sockaddr *)malloc(res->ai_addrlen);
|
||||
if (!pp_addr) {
|
||||
yyerror("not enough core");
|
||||
goto end;
|
||||
}
|
||||
memset((caddr_t)in6, 0, sa_len);
|
||||
|
||||
in6->sin6_family = PF_INET6;
|
||||
in6->sin6_len = sa_len;
|
||||
in6->sin6_port = IPSEC_PORT_ANY;
|
||||
(void)inet_pton(PF_INET6, $1.buf,
|
||||
&in6->sin6_addr);
|
||||
|
||||
pp_addr = (struct sockaddr *)in6;
|
||||
#else
|
||||
yyerror("IPv6 address not supported");
|
||||
#endif
|
||||
memcpy(pp_addr, res->ai_addr, res->ai_addrlen);
|
||||
end:
|
||||
freeaddrinfo(res);
|
||||
free($1.buf);
|
||||
}
|
||||
;
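Review bot: When malloc() fails in the ipaddress action, `goto end` frees the addrinfo and the token buffer and then lets the action complete normally with pp_addr still NULL; the callers `ipaddress { p_src = pp_addr; }` / `{ p_dst = pp_addr; }` then dereference it in the port action (`p_src->sa_family`), so the out-of-memory case becomes a NULL dereference instead of the `return -1` the removed code had. Replace `goto end;` with `freeaddrinfo(res); free($1.buf); return -1;` and drop the `end:` label. The new path also no longer writes a port explicitly, where the removed code stored `IPSEC_PORT_ANY` into sin_port/sin6_port, so it now relies on parse_addr() with a NULL service yielding port 0; a one-line comment stating that equivalence would help the next reader.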
|
||||
@ -547,12 +579,9 @@ setkeymsg()
|
||||
m_msg.sadb_msg_type = p_type;
|
||||
m_msg.sadb_msg_errno = 0;
|
||||
m_msg.sadb_msg_satype = p_satype;
|
||||
m_msg.sadb_msg_mode = p_mode;
|
||||
m_msg.sadb_msg_reserved1 = 0;
|
||||
m_msg.sadb_msg_reserved = 0;
|
||||
m_msg.sadb_msg_seq = 0;
|
||||
m_msg.sadb_msg_pid = getpid();
|
||||
m_msg.sadb_msg_reqid = p_reqid;
|
||||
m_msg.sadb_msg_reserved2 = 0;
|
||||
|
||||
m_len = sizeof(struct sadb_msg);
|
||||
memcpy(m_buf, &m_msg, m_len);
|
||||
@ -632,6 +661,7 @@ setkeymsg()
|
||||
case SADB_GET:
|
||||
{
|
||||
struct sadb_sa m_sa;
|
||||
struct sadb_x_sa2 m_sa2;
|
||||
struct sadb_address m_addr;
|
||||
u_int len;
|
||||
|
||||
@ -648,14 +678,36 @@ setkeymsg()
|
||||
memcpy(m_buf + m_len, &m_sa, len);
|
||||
m_len += len;
|
||||
|
||||
len = sizeof(struct sadb_x_sa2);
|
||||
m_sa2.sadb_x_sa2_len = PFKEY_UNIT64(len);
|
||||
m_sa2.sadb_x_sa2_exttype = SADB_X_EXT_SA2;
|
||||
m_sa2.sadb_x_sa2_mode = p_mode;
|
||||
m_sa2.sadb_x_sa2_reqid = p_reqid;
|
||||
|
||||
memcpy(m_buf + m_len, &m_sa2, len);
|
||||
m_len += len;
|
||||
|
||||
/* set src */
|
||||
m_addr.sadb_address_len =
|
||||
PFKEY_UNIT64(sizeof(m_addr)
|
||||
+ PFKEY_ALIGN8(p_src->sa_len));
|
||||
m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
|
||||
m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
|
||||
m_addr.sadb_address_prefixlen =
|
||||
_INALENBYAF(p_src->sa_family) << 3;
|
||||
switch (p_src->sa_family) {
|
||||
case AF_INET:
|
||||
m_addr.sadb_address_prefixlen =
|
||||
sizeof(struct in_addr) << 3;
|
||||
break;
|
||||
#ifdef INET6
|
||||
case AF_INET6:
|
||||
m_addr.sadb_address_prefixlen =
|
||||
sizeof(struct in6_addr) << 3;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
yyerror("unsupported address family");
|
||||
exit(1); /*XXX*/
|
||||
}
|
||||
m_addr.sadb_address_reserved = 0;
|
||||
|
||||
setvarbuf(&m_len,
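Review bot: `m_sa2` is an automatic variable and only its len, exttype, mode and reqid members are assigned before `memcpy(m_buf + m_len, &m_sa2, len)`, so the sadb_x_sa2 reserved fields go to the kernel as whatever was on the stack, while the neighbouring `m_addr.sadb_address_reserved = 0;` and the sadb_msg reserved field are zeroed explicitly. Add `memset(&m_sa2, 0, sizeof(m_sa2));` before the assignments (and the same for m_sa above if it is filled field by field, outside the hunk). The address-family switch that derives sadb_address_prefixlen is repeated for dst in the next hunk and twice more in the SPD cases; a small static helper returning the bit length for a family would remove three copies. setkeymsg() extends well beyond the hunk.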
|
||||
@ -668,8 +720,21 @@ setkeymsg()
|
||||
+ PFKEY_ALIGN8(p_dst->sa_len));
|
||||
m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
|
||||
m_addr.sadb_address_proto = IPSEC_ULPROTO_ANY;
|
||||
m_addr.sadb_address_prefixlen =
|
||||
_INALENBYAF(p_dst->sa_family) << 3;
|
||||
switch (p_dst->sa_family) {
|
||||
case AF_INET:
|
||||
m_addr.sadb_address_prefixlen =
|
||||
sizeof(struct in_addr) << 3;
|
||||
break;
|
||||
#ifdef INET6
|
||||
case AF_INET6:
|
||||
m_addr.sadb_address_prefixlen =
|
||||
sizeof(struct in6_addr) << 3;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
yyerror("unsupported address family");
|
||||
exit(1); /*XXX*/
|
||||
}
|
||||
m_addr.sadb_address_reserved = 0;
|
||||
|
||||
setvarbuf(&m_len,
|
||||
@ -684,17 +749,15 @@ setkeymsg()
|
||||
break;
|
||||
|
||||
case SADB_X_SPDADD:
|
||||
case SADB_X_SPDDELETE:
|
||||
{
|
||||
struct sadb_address m_addr;
|
||||
u_int8_t plen;
|
||||
|
||||
memcpy(m_buf + m_len, p_policy, p_policy_len);
|
||||
m_len += p_policy_len;
|
||||
free(p_policy);
|
||||
p_policy = NULL;
|
||||
}
|
||||
/* FALLTHROUGH */
|
||||
|
||||
case SADB_X_SPDDELETE:
|
||||
{
|
||||
struct sadb_address m_addr;
|
||||
|
||||
/* set src */
|
||||
m_addr.sadb_address_len =
|
||||
@ -702,9 +765,21 @@ setkeymsg()
|
||||
+ PFKEY_ALIGN8(p_src->sa_len));
|
||||
m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_SRC;
|
||||
m_addr.sadb_address_proto = p_upper;
|
||||
switch (p_src->sa_family) {
|
||||
case AF_INET:
|
||||
plen = sizeof(struct in_addr) << 3;
|
||||
break;
|
||||
#ifdef INET6
|
||||
case AF_INET6:
|
||||
plen = sizeof(struct in6_addr) << 3;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
yyerror("unsupported address family");
|
||||
exit(1); /*XXX*/
|
||||
}
|
||||
m_addr.sadb_address_prefixlen =
|
||||
(p_prefs != ~0 ? p_prefs :
|
||||
_INALENBYAF(p_src->sa_family) << 3);
|
||||
(p_prefs != ~0 ? p_prefs : plen);
|
||||
m_addr.sadb_address_reserved = 0;
|
||||
|
||||
setvarbuf(&m_len,
|
||||
@ -717,9 +792,21 @@ setkeymsg()
|
||||
+ PFKEY_ALIGN8(p_dst->sa_len));
|
||||
m_addr.sadb_address_exttype = SADB_EXT_ADDRESS_DST;
|
||||
m_addr.sadb_address_proto = p_upper;
|
||||
switch (p_dst->sa_family) {
|
||||
case AF_INET:
|
||||
plen = sizeof(struct in_addr) << 3;
|
||||
break;
|
||||
#ifdef INET6
|
||||
case AF_INET6:
|
||||
plen = sizeof(struct in6_addr) << 3;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
yyerror("unsupported address family");
|
||||
exit(1); /*XXX*/
|
||||
}
|
||||
m_addr.sadb_address_prefixlen =
|
||||
(p_prefd != ~0 ? p_prefd :
|
||||
_INALENBYAF(p_dst->sa_family) << 3);
|
||||
(p_prefd != ~0 ? p_prefd : plen);
|
||||
m_addr.sadb_address_reserved = 0;
|
||||
|
||||
setvarbuf(&m_len,
|
||||
@ -734,6 +821,30 @@ setkeymsg()
|
||||
return 0;
|
||||
}
|
||||
|
||||
static struct addrinfo *
|
||||
parse_addr(host, port, flag)
|
||||
char *host;
|
||||
char *port;
|
||||
int flag;
|
||||
{
|
||||
struct addrinfo hints, *res = NULL;
|
||||
int error;
|
||||
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = PF_UNSPEC;
|
||||
hints.ai_socktype = SOCK_DGRAM;
|
||||
hints.ai_flags = flag;
|
||||
error = getaddrinfo(host, port, &hints, &res);
|
||||
if (error != 0) {
|
||||
yyerror(gai_strerror(error));
|
||||
return NULL;
|
||||
}
|
||||
if (res->ai_next != NULL) {
|
||||
yyerror(gai_strerror(error));
|
||||
}
|
||||
return res;
|
||||
}
|
||||
|
||||
static int
|
||||
setvarbuf(off, ebuf, elen, vbuf, vlen)
|
||||
caddr_t vbuf;
|
||||
|
@ -1,5 +1,5 @@
|
||||
.\" $NetBSD: setkey.8,v 1.10 2000/05/15 16:26:16 itojun Exp $
|
||||
.\" $KAME: setkey.8,v 1.26 2000/05/15 16:23:55 itojun Exp $
|
||||
.\" $NetBSD: setkey.8,v 1.11 2000/06/12 10:40:50 itojun Exp $
|
||||
.\" $KAME: setkey.8,v 1.27 2000/06/10 14:17:44 sakane Exp $
|
||||
.\"
|
||||
.\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
.\" All rights reserved.
|
||||
@ -130,7 +130,6 @@ Add an SAD entry.
|
||||
.It Xo
|
||||
.Li get
|
||||
.Ar src Ar dst Ar protocol Ar spi
|
||||
.Op Fl m Ar mode
|
||||
.Li ;
|
||||
.Xc
|
||||
Show an SAD entry.
|
||||
@ -138,7 +137,6 @@ Show an SAD entry.
|
||||
.It Xo
|
||||
.Li delete
|
||||
.Ar src Ar dst Ar protocol Ar spi
|
||||
.Op Fl m Ar mode
|
||||
.Li ;
|
||||
.Xc
|
||||
Remove an SAD entry.
|
||||
|
@ -1,9 +1,10 @@
|
||||
/* $NetBSD: setkey.c,v 1.6 2000/04/16 16:15:59 itojun Exp $ */
|
||||
/* $NetBSD: setkey.c,v 1.7 2000/06/12 10:40:50 itojun Exp $ */
|
||||
/* $KAME: setkey.c,v 1.14 2000/06/10 06:47:09 sakane Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -15,7 +16,7 @@
|
||||
* 3. Neither the name of the project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
@ -28,7 +29,6 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
/* KAME Id: setkey.c,v 1.11 2000/04/16 16:14:09 itojun Exp */
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
@ -51,6 +51,8 @@
|
||||
#include <errno.h>
|
||||
#include <netdb.h>
|
||||
|
||||
#include "libpfkey.h"
|
||||
|
||||
void Usage __P((void));
|
||||
int main __P((int, char **));
|
||||
int get_supported __P((void));
|
||||
@ -219,12 +221,9 @@ sendkeyshort(type)
|
||||
m_msg->sadb_msg_errno = 0;
|
||||
m_msg->sadb_msg_satype = SADB_SATYPE_UNSPEC;
|
||||
m_msg->sadb_msg_len = PFKEY_UNIT64(m_len);
|
||||
m_msg->sadb_msg_mode = IPSEC_MODE_ANY;
|
||||
m_msg->sadb_msg_reserved1 = 0;
|
||||
m_msg->sadb_msg_reserved = 0;
|
||||
m_msg->sadb_msg_seq = 0;
|
||||
m_msg->sadb_msg_pid = getpid();
|
||||
m_msg->sadb_msg_reqid = 0;
|
||||
m_msg->sadb_msg_reserved2 = 0;
|
||||
|
||||
sendkeymsg();
|
||||
|
||||
@ -245,12 +244,9 @@ promisc()
|
||||
m_msg->sadb_msg_errno = 0;
|
||||
m_msg->sadb_msg_satype = 1;
|
||||
m_msg->sadb_msg_len = PFKEY_UNIT64(m_len);
|
||||
m_msg->sadb_msg_mode = IPSEC_MODE_ANY;
|
||||
m_msg->sadb_msg_reserved1 = 0;
|
||||
m_msg->sadb_msg_reserved = 0;
|
||||
m_msg->sadb_msg_seq = 0;
|
||||
m_msg->sadb_msg_pid = getpid();
|
||||
m_msg->sadb_msg_reqid = 0;
|
||||
m_msg->sadb_msg_reserved2 = 0;
|
||||
|
||||
if ((so = socket(PF_KEY, SOCK_RAW, PF_KEY_V2)) < 0) {
|
||||
err(1, "socket(PF_KEY)");
|
||||
|
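Review bot: In promisc() (hunk at -245) `m_msg->sadb_msg_satype = 1;` stays a bare magic number right next to the header fields the commit just moved back to the RFC 2367 layout; no SADB_SATYPE_* constant is 1, and if, as the surrounding code suggests, this value is the promiscuous-mode on/off switch it deserves a named constant or at least a comment such as `/* 1 = enable; satype is the toggle for SADB_X_PROMISC */`. A second point applies to both this hunk and sendkeyshort() at -219: the new code zeroes `sadb_msg_reserved` field by field, while key_setsadbmsg() in test-pfkey.c in the same commit clears the whole header with memset(); a `memset(m_msg, 0, sizeof(*m_msg));` before the assignments would be consistent and would stop the message depending on whether m_buf happens to be pre-zeroed, which I cannot see from here. Both enclosing functions continue outside the hunk.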
@ -1,9 +1,10 @@
|
||||
/* $NetBSD: test-pfkey.c,v 1.3 2000/01/31 14:22:44 itojun Exp $ */
|
||||
/* $NetBSD: test-pfkey.c,v 1.4 2000/06/12 10:40:50 itojun Exp $ */
|
||||
/* $KAME: test-pfkey.c,v 1.4 2000/06/07 00:29:14 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -15,7 +16,7 @@
|
||||
* 3. Neither the name of the project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
@ -28,7 +29,6 @@
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
/* KAME Id: test-pfkey.c,v 1.2 1999/10/26 08:09:17 itojun Exp */
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/param.h>
|
||||
@ -47,6 +47,7 @@
|
||||
#include <ctype.h>
|
||||
#include <unistd.h>
|
||||
#include <errno.h>
|
||||
#include <netdb.h>
|
||||
|
||||
u_char m_buf[BUFSIZ];
|
||||
u_int m_len;
|
||||
@ -136,11 +137,14 @@ key_setsadbmsg(type)
|
||||
{
|
||||
struct sadb_msg m_msg;
|
||||
|
||||
memset(&m_msg, 0, sizeof(m_msg));
|
||||
m_msg.sadb_msg_version = PF_KEY_V2;
|
||||
m_msg.sadb_msg_type = type;
|
||||
m_msg.sadb_msg_errno = 0;
|
||||
m_msg.sadb_msg_satype = SADB_SATYPE_ESP;
|
||||
#if 0
|
||||
m_msg.sadb_msg_reserved = 0;
|
||||
#endif
|
||||
m_msg.sadb_msg_seq = 0;
|
||||
m_msg.sadb_msg_pid = getpid();
|
||||
|
||||
@ -467,32 +471,49 @@ key_setsadbaddr(ext, af, str)
|
||||
caddr_t str;
|
||||
{
|
||||
struct sadb_address m_addr;
|
||||
u_char abuf[64];
|
||||
struct sockaddr *a = (struct sockaddr *)abuf;
|
||||
u_int len;
|
||||
struct addrinfo hints, *res;
|
||||
const char *serv;
|
||||
int plen;
|
||||
|
||||
switch (af) {
|
||||
case AF_INET:
|
||||
plen = sizeof(struct in_addr) << 3;
|
||||
break;
|
||||
case AF_INET6:
|
||||
plen = sizeof(struct in6_addr) << 3;
|
||||
break;
|
||||
default:
|
||||
/* XXX bark */
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/* make sockaddr buffer */
|
||||
memset(abuf, 0, sizeof(abuf));
|
||||
a->sa_len = _SALENBYAF(af);
|
||||
a->sa_family = af;
|
||||
_INPORTBYSA(a) =
|
||||
(ext == SADB_EXT_ADDRESS_PROXY ? 0 : htons(0x1234));
|
||||
if (inet_pton(af, str, _INADDRBYSA(a)) != 1)
|
||||
; /* XXX do something */
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = af;
|
||||
hints.ai_socktype = SOCK_DGRAM; /*dummy*/
|
||||
hints.ai_flags = AI_NUMERICHOST;
|
||||
serv = (ext == SADB_EXT_ADDRESS_PROXY ? "0" : "4660"); /*0x1234*/
|
||||
if (getaddrinfo(str, serv, &hints, &res) != 0 || res->ai_next) {
|
||||
/* XXX bark */
|
||||
exit(1);
|
||||
}
|
||||
|
||||
len = sizeof(struct sadb_address) + PFKEY_ALIGN8(a->sa_len);
|
||||
len = sizeof(struct sadb_address) + PFKEY_ALIGN8(res->ai_addrlen);
|
||||
m_addr.sadb_address_len = PFKEY_UNIT64(len);
|
||||
m_addr.sadb_address_exttype = ext;
|
||||
m_addr.sadb_address_proto =
|
||||
(ext == SADB_EXT_ADDRESS_PROXY ? 0 : IPPROTO_TCP);
|
||||
m_addr.sadb_address_prefixlen = _INALENBYAF(af);
|
||||
m_addr.sadb_address_prefixlen = plen;
|
||||
m_addr.sadb_address_reserved = 0;
|
||||
|
||||
key_setsadbextbuf(m_buf, m_len,
|
||||
(caddr_t)&m_addr, sizeof(struct sadb_address),
|
||||
abuf, a->sa_len);
|
||||
(caddr_t)res->ai_addr, res->ai_addrlen);
|
||||
m_len += len;
|
||||
|
||||
freeaddrinfo(res);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
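Review bot: The getaddrinfo() failure path added to key_setsadbaddr (hunk at -467) exits without saying why: the return value is discarded, so an unparsable `str` and an answer with more than one result both die with a bare `exit(1)` behind `/* XXX bark */`. Keep the code and report it, e.g. `int error;` alongside the other locals and `if ((error = getaddrinfo(str, serv, &hints, &res)) != 0) { fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(error)); exit(1); }`, with a separate message for the `res->ai_next` case so the two failures are distinguishable. The default branch of the new `switch (af)` has the same silent `exit(1)`. `res` is also left uninitialised; the short-circuit `||` keeps it from being read when getaddrinfo() fails, but `struct addrinfo hints, *res = NULL;` would make that explicit.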
@ -1,9 +1,10 @@
|
||||
/* $NetBSD: token.l,v 1.6 2000/03/15 00:24:31 itojun Exp $ */
|
||||
/* $NetBSD: token.l,v 1.7 2000/06/12 10:40:51 itojun Exp $ */
|
||||
/* $KAME: token.l,v 1.13 2000/06/07 00:29:14 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -15,7 +16,7 @@
|
||||
* 3. Neither the name of the project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
@ -71,7 +72,8 @@ extern u_int m_len;
|
||||
extern int f_debug;
|
||||
|
||||
int yylex __P((void));
|
||||
void yyerror __P((char *s));
|
||||
void yyfatal __P((const char *s));
|
||||
void yyerror __P((const char *s));
|
||||
extern void parse_init __P((void));
|
||||
int parse __P((FILE **));
|
||||
int yyparse __P((void));
|
||||
@ -106,9 +108,7 @@ decstring {digit}+
|
||||
hexpair {hexdigit}{hexdigit}
|
||||
hexstring 0[xX]{hexdigit}+
|
||||
octetstring {octet}({dot}{octet})+
|
||||
ipaddress {ipv4addr}|{ipv6addr}
|
||||
ipv4addr {digit}{1,3}({dot}{digit}{1,3}){0,3}
|
||||
ipv6addr ({hexdigit}{0,4}({colon}{hexdigit}{0,4}){2,7}|{hexdigit}{0,4}({colon}{hexdigit}{0,4}){2,7}%{letter}+|{hexdigit}{0,4}({colon}{hexdigit}{0,4}){2,5}{colon}{ipv4addr})
|
||||
ipaddress [a-fA-F0-9:]([a-fA-F0-9:\.]*|[a-fA-F0-9:\.]*%[a-zA-Z0-9]*)
|
||||
ipaddrmask {slash}{digit}{1,3}
|
||||
ipaddrport {blcl}{decstring}{elcl}
|
||||
keyword {letter}{letter}+
|
||||
@ -171,9 +171,6 @@ des-cbc { PREPROC; yylval.num = SADB_EALG_DESCBC; return(ALG_ENC); }
|
||||
simple { PREPROC; yylval.num = SADB_EALG_NULL; return(ALG_ENC); }
|
||||
blowfish-cbc { PREPROC; yylval.num = SADB_EALG_BLOWFISHCBC; return(ALG_ENC); }
|
||||
cast128-cbc { PREPROC; yylval.num = SADB_EALG_CAST128CBC; return(ALG_ENC); }
|
||||
/*
|
||||
rc5-cbc { PREPROC; yylval.num = SADB_EALG_RC5CBC; return(ALG_ENC); }
|
||||
*/
|
||||
des-deriv { PREPROC; yylval.num = SADB_EALG_DESCBC; return(ALG_ENC_DESDERIV); }
|
||||
des-32iv { PREPROC; yylval.num = SADB_EALG_DESCBC; return(ALG_ENC_DES32IV); }
|
||||
|
||||
@ -221,31 +218,13 @@ any { PREPROC; return(ANY); }
|
||||
return(DECSTRING);
|
||||
}
|
||||
|
||||
{ipv4addr} {
|
||||
/*
|
||||
* I can't supprt the type without dot,
|
||||
* because it's umbiguous against {decstring}.
|
||||
* e.g. 127
|
||||
*/
|
||||
{ipaddress} {
|
||||
PREPROC;
|
||||
|
||||
yylval.val.len = sizeof(struct sockaddr_in);
|
||||
yylval.val.len = yyleng;
|
||||
yylval.val.buf = strdup(yytext);
|
||||
|
||||
return(IP4_ADDRESS);
|
||||
}
|
||||
|
||||
{ipv6addr} {
|
||||
#ifdef INET6
|
||||
PREPROC;
|
||||
|
||||
yylval.val.len = sizeof(struct sockaddr_in6);
|
||||
yylval.val.buf = strdup(yytext);
|
||||
|
||||
return(IP6_ADDRESS);
|
||||
#else
|
||||
yyerror("IPv6 address not supported");
|
||||
#endif
|
||||
return(ADDRESS);
|
||||
}
|
||||
|
||||
{ipaddrmask} {
|
||||
@ -296,12 +275,24 @@ any { PREPROC; return(ANY); }
|
||||
return(QUOTEDSTRING);
|
||||
}
|
||||
|
||||
. { yyerror("Syntax error"); }
|
||||
. {
|
||||
yyfatal("Syntax error");
|
||||
/*NOTREACHED*/
|
||||
}
|
||||
|
||||
%%
|
||||
|
||||
void
|
||||
yyerror(char *s)
|
||||
yyfatal(s)
|
||||
const char *s;
|
||||
{
|
||||
yyerror(s);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
void
|
||||
yyerror(s)
|
||||
const char *s;
|
||||
{
|
||||
printf("line %d: %s at [%s]\n", lineno, s, yytext);
|
||||
}
|
||||
@ -321,4 +312,3 @@ parse(fp)
|
||||
|
||||
return(0);
|
||||
}
|
||||
|
||||
|
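Review bot: The `{ipaddress}` action (hunk at -221) stores `strdup(yytext)` into `yylval.val.buf` without checking for NULL, so an allocation failure hands the parser a NULL buffer together with a non-zero `yylval.val.len`; now that yyfatal exists, `if ((yylval.val.buf = strdup(yytext)) == NULL) yyfatal("strdup");` closes that gap. The relaxed definition `ipaddress [a-fA-F0-9:]([a-fA-F0-9:\.]*|[a-fA-F0-9:\.]*%[a-zA-Z0-9]*)` (hunk at -106) also matches any token consisting only of the letters a-f, digits and colons, so such a token is classified by rule order alone and the string is only validated later by getaddrinfo(); that appears intended given the commit moves address checking out of the lexer, but a comment above the definition saying so, e.g. `/* loose on purpose: getaddrinfo() validates; keep keyword rules above {ipaddress} */`, would keep a later edit from reordering the rules.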
@ -1,9 +1,10 @@
|
||||
/* $NetBSD: vchar.h,v 1.2 1999/07/06 13:13:03 itojun Exp $ */
|
||||
/* $NetBSD: vchar.h,v 1.3 2000/06/12 10:40:51 itojun Exp $ */
|
||||
/* $KAME: vchar.h,v 1.2 2000/06/07 00:29:14 itojun Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
@ -15,7 +16,7 @@
|
||||
* 3. Neither the name of the project nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
|