Hide details of the sadb message format (NFCI)
Especially src0 + 1 and dst0 + 1 shouldn't be exposed.
This commit is contained in:
parent
5f91e65caa
commit
ee8d21398c
|
@ -1,4 +1,4 @@
|
||||||
/* $NetBSD: key.c,v 1.150 2017/05/30 09:39:53 ozaki-r Exp $ */
|
/* $NetBSD: key.c,v 1.151 2017/05/31 01:31:07 ozaki-r Exp $ */
|
||||||
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
|
/* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */
|
||||||
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
|
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
|
||||||
|
|
||||||
|
@ -32,7 +32,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <sys/cdefs.h>
|
#include <sys/cdefs.h>
|
||||||
__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.150 2017/05/30 09:39:53 ozaki-r Exp $");
|
__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.151 2017/05/31 01:31:07 ozaki-r Exp $");
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This code is referd to RFC 2367
|
* This code is referd to RFC 2367
|
||||||
|
@ -339,28 +339,13 @@ do { \
|
||||||
} \
|
} \
|
||||||
} while (0)
|
} while (0)
|
||||||
|
|
||||||
/*
|
|
||||||
* set parameters into secpolicyindex buffer.
|
|
||||||
* Must allocate secpolicyindex buffer passed to this function.
|
|
||||||
*/
|
|
||||||
#define KEY_SETSECSPIDX(_dir, s, d, ps, pd, ulp, idx) \
|
|
||||||
do { \
|
|
||||||
memset((idx), 0, sizeof(struct secpolicyindex)); \
|
|
||||||
(idx)->dir = (_dir); \
|
|
||||||
(idx)->prefs = (ps); \
|
|
||||||
(idx)->prefd = (pd); \
|
|
||||||
(idx)->ul_proto = (ulp); \
|
|
||||||
memcpy(&(idx)->src, (s), ((const struct sockaddr *)(s))->sa_len); \
|
|
||||||
memcpy(&(idx)->dst, (d), ((const struct sockaddr *)(d))->sa_len); \
|
|
||||||
} while (0)
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* set parameters into secasindex buffer.
|
* set parameters into secasindex buffer.
|
||||||
* Must allocate secasindex buffer before calling this function.
|
* Must allocate secasindex buffer before calling this function.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
key_setsecasidx (int, int, int, const struct sadb_address *,
|
key_setsecasidx(int, int, int, const struct sockaddr *,
|
||||||
const struct sadb_address *, struct secasindex *);
|
const struct sockaddr *, struct secasindex *);
|
||||||
|
|
||||||
/* key statistics */
|
/* key statistics */
|
||||||
struct _keystat {
|
struct _keystat {
|
||||||
|
@ -374,6 +359,16 @@ struct sadb_msghdr {
|
||||||
int extlen[SADB_EXT_MAX + 1];
|
int extlen[SADB_EXT_MAX + 1];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
static void
|
||||||
|
key_init_spidx_bymsghdr(struct secpolicyindex *, const struct sadb_msghdr *);
|
||||||
|
|
||||||
|
static const struct sockaddr *
|
||||||
|
key_msghdr_get_sockaddr(const struct sadb_msghdr *mhp, int idx)
|
||||||
|
{
|
||||||
|
|
||||||
|
return PFKEY_ADDR_SADDR((struct sadb_address *)mhp->ext[idx]);
|
||||||
|
}
|
||||||
|
|
||||||
static struct secasvar *key_allocsa_policy (const struct secasindex *);
|
static struct secasvar *key_allocsa_policy (const struct secasindex *);
|
||||||
#if 0
|
#if 0
|
||||||
static void key_freeso(struct socket *);
|
static void key_freeso(struct socket *);
|
||||||
|
@ -1854,7 +1849,7 @@ static int
|
||||||
key_spdadd(struct socket *so, struct mbuf *m,
|
key_spdadd(struct socket *so, struct mbuf *m,
|
||||||
const struct sadb_msghdr *mhp)
|
const struct sadb_msghdr *mhp)
|
||||||
{
|
{
|
||||||
const struct sadb_address *src0, *dst0;
|
const struct sockaddr *src, *dst;
|
||||||
const struct sadb_x_policy *xpl0;
|
const struct sadb_x_policy *xpl0;
|
||||||
struct sadb_x_policy *xpl;
|
struct sadb_x_policy *xpl;
|
||||||
const struct sadb_lifetime *lft = NULL;
|
const struct sadb_lifetime *lft = NULL;
|
||||||
|
@ -1889,19 +1884,11 @@ key_spdadd(struct socket *so, struct mbuf *m,
|
||||||
lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
|
lft = (struct sadb_lifetime *)mhp->ext[SADB_EXT_LIFETIME_HARD];
|
||||||
}
|
}
|
||||||
|
|
||||||
src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
|
src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
|
||||||
dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
|
dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
|
||||||
xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
|
xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
|
||||||
|
|
||||||
/* make secindex */
|
key_init_spidx_bymsghdr(&spidx, mhp);
|
||||||
/* XXX boundary check against sa_len */
|
|
||||||
KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
|
|
||||||
src0 + 1,
|
|
||||||
dst0 + 1,
|
|
||||||
src0->sadb_address_prefixlen,
|
|
||||||
dst0->sadb_address_prefixlen,
|
|
||||||
src0->sadb_address_proto,
|
|
||||||
&spidx);
|
|
||||||
|
|
||||||
/* checking the direciton. */
|
/* checking the direciton. */
|
||||||
switch (xpl0->sadb_x_policy_dir) {
|
switch (xpl0->sadb_x_policy_dir) {
|
||||||
|
@ -1963,23 +1950,14 @@ key_spdadd(struct socket *so, struct mbuf *m,
|
||||||
return key_senderror(so, m, ENOBUFS);
|
return key_senderror(so, m, ENOBUFS);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* XXX boundary check against sa_len */
|
key_init_spidx_bymsghdr(&newsp->spidx, mhp);
|
||||||
KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
|
|
||||||
src0 + 1,
|
|
||||||
dst0 + 1,
|
|
||||||
src0->sadb_address_prefixlen,
|
|
||||||
dst0->sadb_address_prefixlen,
|
|
||||||
src0->sadb_address_proto,
|
|
||||||
&newsp->spidx);
|
|
||||||
|
|
||||||
/* sanity check on addr pair */
|
/* sanity check on addr pair */
|
||||||
if (((const struct sockaddr *)(src0 + 1))->sa_family !=
|
if (src->sa_family != dst->sa_family) {
|
||||||
((const struct sockaddr *)(dst0+ 1))->sa_family) {
|
|
||||||
kmem_free(newsp, sizeof(*newsp));
|
kmem_free(newsp, sizeof(*newsp));
|
||||||
return key_senderror(so, m, EINVAL);
|
return key_senderror(so, m, EINVAL);
|
||||||
}
|
}
|
||||||
if (((const struct sockaddr *)(src0 + 1))->sa_len !=
|
if (src->sa_len != dst->sa_len) {
|
||||||
((const struct sockaddr *)(dst0+ 1))->sa_len) {
|
|
||||||
kmem_free(newsp, sizeof(*newsp));
|
kmem_free(newsp, sizeof(*newsp));
|
||||||
return key_senderror(so, m, EINVAL);
|
return key_senderror(so, m, EINVAL);
|
||||||
}
|
}
|
||||||
|
@ -2114,7 +2092,6 @@ static int
|
||||||
key_spddelete(struct socket *so, struct mbuf *m,
|
key_spddelete(struct socket *so, struct mbuf *m,
|
||||||
const struct sadb_msghdr *mhp)
|
const struct sadb_msghdr *mhp)
|
||||||
{
|
{
|
||||||
struct sadb_address *src0, *dst0;
|
|
||||||
struct sadb_x_policy *xpl0;
|
struct sadb_x_policy *xpl0;
|
||||||
struct secpolicyindex spidx;
|
struct secpolicyindex spidx;
|
||||||
struct secpolicy *sp;
|
struct secpolicy *sp;
|
||||||
|
@ -2137,19 +2114,10 @@ key_spddelete(struct socket *so, struct mbuf *m,
|
||||||
return key_senderror(so, m, EINVAL);
|
return key_senderror(so, m, EINVAL);
|
||||||
}
|
}
|
||||||
|
|
||||||
src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
|
|
||||||
dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
|
|
||||||
xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
|
|
||||||
|
|
||||||
/* make secindex */
|
/* make secindex */
|
||||||
/* XXX boundary check against sa_len */
|
key_init_spidx_bymsghdr(&spidx, mhp);
|
||||||
KEY_SETSECSPIDX(xpl0->sadb_x_policy_dir,
|
|
||||||
src0 + 1,
|
xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
|
||||||
dst0 + 1,
|
|
||||||
src0->sadb_address_prefixlen,
|
|
||||||
dst0->sadb_address_prefixlen,
|
|
||||||
src0->sadb_address_proto,
|
|
||||||
&spidx);
|
|
||||||
|
|
||||||
/* checking the direciton. */
|
/* checking the direciton. */
|
||||||
switch (xpl0->sadb_x_policy_dir) {
|
switch (xpl0->sadb_x_policy_dir) {
|
||||||
|
@ -4807,9 +4775,8 @@ key_proto2satype(u_int16_t proto)
|
||||||
|
|
||||||
static int
|
static int
|
||||||
key_setsecasidx(int proto, int mode, int reqid,
|
key_setsecasidx(int proto, int mode, int reqid,
|
||||||
const struct sadb_address * src,
|
const struct sockaddr *src, const struct sockaddr *dst,
|
||||||
const struct sadb_address * dst,
|
struct secasindex * saidx)
|
||||||
struct secasindex * saidx)
|
|
||||||
{
|
{
|
||||||
const union sockaddr_union *src_u = (const union sockaddr_union *)src;
|
const union sockaddr_union *src_u = (const union sockaddr_union *)src;
|
||||||
const union sockaddr_union *dst_u = (const union sockaddr_union *)dst;
|
const union sockaddr_union *dst_u = (const union sockaddr_union *)dst;
|
||||||
|
@ -4832,6 +4799,30 @@ key_setsecasidx(int proto, int mode, int reqid,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
key_init_spidx_bymsghdr(struct secpolicyindex *spidx,
|
||||||
|
const struct sadb_msghdr *mhp)
|
||||||
|
{
|
||||||
|
const struct sadb_address *src0, *dst0;
|
||||||
|
const struct sockaddr *src, *dst;
|
||||||
|
const struct sadb_x_policy *xpl0;
|
||||||
|
|
||||||
|
src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
|
||||||
|
dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
|
||||||
|
src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
|
||||||
|
dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
|
||||||
|
xpl0 = (struct sadb_x_policy *)mhp->ext[SADB_X_EXT_POLICY];
|
||||||
|
|
||||||
|
memset(spidx, 0, sizeof(*spidx));
|
||||||
|
spidx->dir = xpl0->sadb_x_policy_dir;
|
||||||
|
spidx->prefs = src0->sadb_address_prefixlen;
|
||||||
|
spidx->prefd = dst0->sadb_address_prefixlen;
|
||||||
|
spidx->ul_proto = src0->sadb_address_proto;
|
||||||
|
/* XXX boundary check against sa_len */
|
||||||
|
memcpy(&spidx->src, src, src->sa_len);
|
||||||
|
memcpy(&spidx->dst, dst, dst->sa_len);
|
||||||
|
}
|
||||||
|
|
||||||
/* %%% PF_KEY */
|
/* %%% PF_KEY */
|
||||||
/*
|
/*
|
||||||
* SADB_GETSPI processing is to receive
|
* SADB_GETSPI processing is to receive
|
||||||
|
@ -4849,7 +4840,7 @@ static int
|
||||||
key_getspi(struct socket *so, struct mbuf *m,
|
key_getspi(struct socket *so, struct mbuf *m,
|
||||||
const struct sadb_msghdr *mhp)
|
const struct sadb_msghdr *mhp)
|
||||||
{
|
{
|
||||||
struct sadb_address *src0, *dst0;
|
const struct sockaddr *src, *dst;
|
||||||
struct secasindex saidx;
|
struct secasindex saidx;
|
||||||
struct secashead *newsah;
|
struct secashead *newsah;
|
||||||
struct secasvar *newsav;
|
struct secasvar *newsav;
|
||||||
|
@ -4883,8 +4874,8 @@ key_getspi(struct socket *so, struct mbuf *m,
|
||||||
reqid = 0;
|
reqid = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
|
src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
|
||||||
dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
|
dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
|
||||||
|
|
||||||
/* map satype to proto */
|
/* map satype to proto */
|
||||||
proto = key_satype2proto(mhp->msg->sadb_msg_satype);
|
proto = key_satype2proto(mhp->msg->sadb_msg_satype);
|
||||||
|
@ -4894,7 +4885,7 @@ key_getspi(struct socket *so, struct mbuf *m,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
error = key_setsecasidx(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
|
error = key_setsecasidx(proto, mode, reqid, src, dst, &saidx);
|
||||||
if (error != 0)
|
if (error != 0)
|
||||||
return key_senderror(so, m, EINVAL);
|
return key_senderror(so, m, EINVAL);
|
||||||
|
|
||||||
|
@ -5222,7 +5213,7 @@ static int
|
||||||
key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
|
key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
|
||||||
{
|
{
|
||||||
struct sadb_sa *sa0;
|
struct sadb_sa *sa0;
|
||||||
struct sadb_address *src0, *dst0;
|
const struct sockaddr *src, *dst;
|
||||||
struct secasindex saidx;
|
struct secasindex saidx;
|
||||||
struct secashead *sah;
|
struct secashead *sah;
|
||||||
struct secasvar *sav;
|
struct secasvar *sav;
|
||||||
|
@ -5274,10 +5265,10 @@ key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
|
||||||
/* XXX boundary checking for other extensions */
|
/* XXX boundary checking for other extensions */
|
||||||
|
|
||||||
sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
|
sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
|
||||||
src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
|
src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
|
||||||
dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
|
dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
|
||||||
|
|
||||||
error = key_setsecasidx(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
|
error = key_setsecasidx(proto, mode, reqid, src, dst, &saidx);
|
||||||
if (error != 0)
|
if (error != 0)
|
||||||
return key_senderror(so, m, EINVAL);
|
return key_senderror(so, m, EINVAL);
|
||||||
|
|
||||||
|
@ -5425,7 +5416,7 @@ key_add(struct socket *so, struct mbuf *m,
|
||||||
const struct sadb_msghdr *mhp)
|
const struct sadb_msghdr *mhp)
|
||||||
{
|
{
|
||||||
struct sadb_sa *sa0;
|
struct sadb_sa *sa0;
|
||||||
struct sadb_address *src0, *dst0;
|
const struct sockaddr *src, *dst;
|
||||||
struct secasindex saidx;
|
struct secasindex saidx;
|
||||||
struct secashead *newsah;
|
struct secashead *newsah;
|
||||||
struct secasvar *newsav;
|
struct secasvar *newsav;
|
||||||
|
@ -5476,10 +5467,10 @@ key_add(struct socket *so, struct mbuf *m,
|
||||||
}
|
}
|
||||||
|
|
||||||
sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
|
sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
|
||||||
src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
|
src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
|
||||||
dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
|
dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
|
||||||
|
|
||||||
error = key_setsecasidx(proto, mode, reqid, src0 + 1, dst0 + 1, &saidx);
|
error = key_setsecasidx(proto, mode, reqid, src, dst, &saidx);
|
||||||
if (error != 0)
|
if (error != 0)
|
||||||
return key_senderror(so, m, EINVAL);
|
return key_senderror(so, m, EINVAL);
|
||||||
|
|
||||||
|
@ -5678,7 +5669,7 @@ key_delete(struct socket *so, struct mbuf *m,
|
||||||
const struct sadb_msghdr *mhp)
|
const struct sadb_msghdr *mhp)
|
||||||
{
|
{
|
||||||
struct sadb_sa *sa0;
|
struct sadb_sa *sa0;
|
||||||
struct sadb_address *src0, *dst0;
|
const struct sockaddr *src, *dst;
|
||||||
struct secasindex saidx;
|
struct secasindex saidx;
|
||||||
struct secashead *sah;
|
struct secashead *sah;
|
||||||
struct secasvar *sav = NULL;
|
struct secasvar *sav = NULL;
|
||||||
|
@ -5723,11 +5714,10 @@ key_delete(struct socket *so, struct mbuf *m,
|
||||||
}
|
}
|
||||||
|
|
||||||
sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
|
sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
|
||||||
src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
|
src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
|
||||||
dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
|
dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
|
||||||
|
|
||||||
error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1,
|
error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx);
|
||||||
&saidx);
|
|
||||||
if (error != 0)
|
if (error != 0)
|
||||||
return key_senderror(so, m, EINVAL);
|
return key_senderror(so, m, EINVAL);
|
||||||
|
|
||||||
|
@ -5786,18 +5776,17 @@ static int
|
||||||
key_delete_all(struct socket *so, struct mbuf *m,
|
key_delete_all(struct socket *so, struct mbuf *m,
|
||||||
const struct sadb_msghdr *mhp, u_int16_t proto)
|
const struct sadb_msghdr *mhp, u_int16_t proto)
|
||||||
{
|
{
|
||||||
struct sadb_address *src0, *dst0;
|
const struct sockaddr *src, *dst;
|
||||||
struct secasindex saidx;
|
struct secasindex saidx;
|
||||||
struct secashead *sah;
|
struct secashead *sah;
|
||||||
struct secasvar *sav, *nextsav;
|
struct secasvar *sav, *nextsav;
|
||||||
u_int state;
|
u_int state;
|
||||||
int error;
|
int error;
|
||||||
|
|
||||||
src0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_SRC]);
|
src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
|
||||||
dst0 = (struct sadb_address *)(mhp->ext[SADB_EXT_ADDRESS_DST]);
|
dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
|
||||||
|
|
||||||
error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1,
|
error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx);
|
||||||
&saidx);
|
|
||||||
if (error != 0)
|
if (error != 0)
|
||||||
return key_senderror(so, m, EINVAL);
|
return key_senderror(so, m, EINVAL);
|
||||||
|
|
||||||
|
@ -5872,7 +5861,7 @@ key_get(struct socket *so, struct mbuf *m,
|
||||||
const struct sadb_msghdr *mhp)
|
const struct sadb_msghdr *mhp)
|
||||||
{
|
{
|
||||||
struct sadb_sa *sa0;
|
struct sadb_sa *sa0;
|
||||||
struct sadb_address *src0, *dst0;
|
const struct sockaddr *src, *dst;
|
||||||
struct secasindex saidx;
|
struct secasindex saidx;
|
||||||
struct secashead *sah;
|
struct secashead *sah;
|
||||||
struct secasvar *sav = NULL;
|
struct secasvar *sav = NULL;
|
||||||
|
@ -5904,11 +5893,10 @@ key_get(struct socket *so, struct mbuf *m,
|
||||||
}
|
}
|
||||||
|
|
||||||
sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
|
sa0 = (struct sadb_sa *)mhp->ext[SADB_EXT_SA];
|
||||||
src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
|
src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
|
||||||
dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
|
dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
|
||||||
|
|
||||||
error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1,
|
error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx);
|
||||||
&saidx);
|
|
||||||
if (error != 0)
|
if (error != 0)
|
||||||
return key_senderror(so, m, EINVAL);
|
return key_senderror(so, m, EINVAL);
|
||||||
|
|
||||||
|
@ -6520,7 +6508,7 @@ static int
|
||||||
key_acquire2(struct socket *so, struct mbuf *m,
|
key_acquire2(struct socket *so, struct mbuf *m,
|
||||||
const struct sadb_msghdr *mhp)
|
const struct sadb_msghdr *mhp)
|
||||||
{
|
{
|
||||||
const struct sadb_address *src0, *dst0;
|
const struct sockaddr *src, *dst;
|
||||||
struct secasindex saidx;
|
struct secasindex saidx;
|
||||||
struct secashead *sah;
|
struct secashead *sah;
|
||||||
u_int16_t proto;
|
u_int16_t proto;
|
||||||
|
@ -6595,11 +6583,10 @@ key_acquire2(struct socket *so, struct mbuf *m,
|
||||||
return key_senderror(so, m, EINVAL);
|
return key_senderror(so, m, EINVAL);
|
||||||
}
|
}
|
||||||
|
|
||||||
src0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_SRC];
|
src = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_SRC);
|
||||||
dst0 = (struct sadb_address *)mhp->ext[SADB_EXT_ADDRESS_DST];
|
dst = key_msghdr_get_sockaddr(mhp, SADB_EXT_ADDRESS_DST);
|
||||||
|
|
||||||
error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src0 + 1, dst0 + 1,
|
error = key_setsecasidx(proto, IPSEC_MODE_ANY, 0, src, dst, &saidx);
|
||||||
&saidx);
|
|
||||||
if (error != 0)
|
if (error != 0)
|
||||||
return key_senderror(so, m, EINVAL);
|
return key_senderror(so, m, EINVAL);
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue