[src/netbsd-1-5]: src pullup (approved by releng-1-5)
details: https://anonhg.NetBSD.org/src/rev/4f3a92b4bf23
branches: netbsd-1-5
changeset: 489673:4f3a92b4bf23
user: itojun <itojun%NetBSD.org@localhost>
date: Wed Oct 04 17:44:27 2000 +0000
description:
pullup (approved by releng-1-5)
rijndael-cbc userland support.
usr.sbin/netstat/ipsec.c 1.2 -> 1.3
sbin/setkey/setkey.8 1.4 -> 1.5
sbin/setkey/setkey.c 1.1 -> 1.2
sbin/setkey/token.l 1.2 -> 1.3
lib/libipsec/pfkey_dump.c 1.8 -> 1.9
usr.sbin/tcpdump/ipsec_doi.h 1.2 -> 1.3
usr.sbin/tcpdump/isakmp.h 1.3 -> 1.4
usr.sbin/tcpdump/print-isakmp.h 1.5 -> 1.6
diffstat:
lib/libipsec/pfkey_dump.c | 7 +-
sbin/setkey/setkey.8 | 6 +-
sbin/setkey/setkey.c | 6 +-
sbin/setkey/token.l | 5 +-
usr.bin/netstat/ipsec.c | 7 +-
usr.sbin/tcpdump/ipsec_doi.h | 45 +++++----------
usr.sbin/tcpdump/isakmp.h | 107 +++++++--------------------------------
usr.sbin/tcpdump/print-isakmp.c | 66 +++++++++++++++++------
8 files changed, 102 insertions(+), 147 deletions(-)
diffs (truncated from 595 to 300 lines):
diff -r ab281d861b29 -r 4f3a92b4bf23 lib/libipsec/pfkey_dump.c
--- a/lib/libipsec/pfkey_dump.c Wed Oct 04 17:39:35 2000 +0000
+++ b/lib/libipsec/pfkey_dump.c Wed Oct 04 17:44:27 2000 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: pfkey_dump.c,v 1.7.2.1 2000/07/30 06:19:50 itojun Exp $ */
-/* $KAME: pfkey_dump.c,v 1.20 2000/07/20 09:50:42 itojun Exp $ */
+/* $NetBSD: pfkey_dump.c,v 1.7.2.2 2000/10/04 17:44:29 itojun Exp $ */
+/* $KAME: pfkey_dump.c,v 1.22 2000/09/12 07:10:53 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@@ -151,6 +151,9 @@
#endif
{ SADB_X_EALG_CAST128CBC, "cast128-cbc", },
{ SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", },
+#ifdef SADB_X_EALG_RIJNDAELCBC
+ { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", },
+#endif
{ -1, NULL, },
};
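Review bot: The `#ifdef SADB_X_EALG_RIJNDAELCBC` guard around the new table entry is not applied consistently across this changeset: the `rijndael-cbc` rule added to sbin/setkey/token.l uses the constant unconditionally, while this table and the matching one in usr.bin/netstat/ipsec.c compile without it. Against a PF_KEY header that lacks the constant, setkey would fail to build, while these two tools would build and presumably print such an SA as an unknown algorithm, which makes an SA listing harder to audit. Either drop the guard in both tables or record why it is there, e.g. `/* optional: older PF_KEY headers do not define this id */` above the `#ifdef`. The array these lines belong to starts outside the hunk.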
diff -r ab281d861b29 -r 4f3a92b4bf23 sbin/setkey/setkey.8
--- a/sbin/setkey/setkey.8 Wed Oct 04 17:39:35 2000 +0000
+++ b/sbin/setkey/setkey.8 Wed Oct 04 17:44:27 2000 +0000
@@ -1,5 +1,5 @@
-.\" $NetBSD: setkey.8,v 1.1.2.1 2000/07/01 23:26:05 itojun Exp $
-.\" $KAME: setkey.8,v 1.28 2000/06/16 12:03:46 sakane Exp $
+.\" $NetBSD: setkey.8,v 1.1.2.2 2000/10/04 17:44:27 itojun Exp $
+.\" $KAME: setkey.8,v 1.31 2000/08/29 07:32:48 itojun Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
.\" All rights reserved.
@@ -503,9 +503,9 @@
simple 0 to 2048 rfc2410
blowfish-cbc 40 to 448 rfc2451
cast128-cbc 40 to 128 rfc2451
-rc5-cbc 40 to 2040 rfc2451
des-deriv 64 ipsec-ciph-des-derived-01 (expired)
3des-deriv 192 no document
+rijndael-cbc 128/192/256 draft-ietf-ipsec-ciph-aes-cbc-00
.Ed
.Pp
Followings are the list of compression algorithms that can be used as
diff -r ab281d861b29 -r 4f3a92b4bf23 sbin/setkey/setkey.c
--- a/sbin/setkey/setkey.c Wed Oct 04 17:39:35 2000 +0000
+++ b/sbin/setkey/setkey.c Wed Oct 04 17:44:27 2000 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: setkey.c,v 1.1 2000/06/13 15:15:27 itojun Exp $ */
-/* $KAME: setkey.c,v 1.14 2000/06/10 06:47:09 sakane Exp $ */
+/* $NetBSD: setkey.c,v 1.1.2.1 2000/10/04 17:44:27 itojun Exp $ */
+/* $KAME: setkey.c,v 1.15 2000/08/31 06:09:27 sakane Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@@ -199,7 +199,7 @@
if (f_debug)
return 0;
- if (pfkey_send_register(so, PF_UNSPEC) < 0)
+ if (pfkey_send_register(so, SADB_SATYPE_UNSPEC) < 0)
return -1;
if (pfkey_recv_register(so) < 0)
diff -r ab281d861b29 -r 4f3a92b4bf23 sbin/setkey/token.l
--- a/sbin/setkey/token.l Wed Oct 04 17:39:35 2000 +0000
+++ b/sbin/setkey/token.l Wed Oct 04 17:44:27 2000 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: token.l,v 1.1.2.1 2000/07/25 04:26:15 itojun Exp $ */
-/* $KAME: token.l,v 1.14 2000/07/15 16:08:01 itojun Exp $ */
+/* $NetBSD: token.l,v 1.1.2.2 2000/10/04 17:44:27 itojun Exp $ */
+/* $KAME: token.l,v 1.16 2000/08/28 16:41:10 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@@ -173,6 +173,7 @@
cast128-cbc { PREPROC; yylval.num = SADB_X_EALG_CAST128CBC; return(ALG_ENC); }
des-deriv { PREPROC; yylval.num = SADB_EALG_DESCBC; return(ALG_ENC_DESDERIV); }
des-32iv { PREPROC; yylval.num = SADB_EALG_DESCBC; return(ALG_ENC_DES32IV); }
+rijndael-cbc { PREPROC; yylval.num = SADB_X_EALG_RIJNDAELCBC; return(ALG_ENC); }
/* compression algorithms */
{hyphen}C { PREPROC; return(F_COMP); }
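Review bot: The new `rijndael-cbc` rule returns the generic `ALG_ENC` token, so nothing in this rule ties the algorithm to the 128/192/256-bit key sizes that setkey.8 documents in this same changeset. Whether the grammar that consumes `ALG_ENC` (not shown) or the kernel rejects other lengths cannot be told from the hunk; if neither does, a mistyped key would be accepted at a length the cipher does not define. A comment on the rule, `/* key length: 128, 192 or 256 bits, see setkey.8 */`, would at least point the next reader at the constraint.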
diff -r ab281d861b29 -r 4f3a92b4bf23 usr.bin/netstat/ipsec.c
--- a/usr.bin/netstat/ipsec.c Wed Oct 04 17:39:35 2000 +0000
+++ b/usr.bin/netstat/ipsec.c Wed Oct 04 17:44:27 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.1.4.1 2000/07/25 04:26:45 itojun Exp $ */
+/* $NetBSD: ipsec.c,v 1.1.4.2 2000/10/04 17:44:29 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@@ -68,7 +68,7 @@
static char sccsid[] = "from: @(#)inet.c 8.4 (Berkeley) 4/20/94";
#else
#ifdef __NetBSD__
-__RCSID("$NetBSD: ipsec.c,v 1.1.4.1 2000/07/25 04:26:45 itojun Exp $");
+__RCSID("$NetBSD: ipsec.c,v 1.1.4.2 2000/10/04 17:44:29 itojun Exp $");
#endif
#endif
#endif /* not lint */
@@ -134,6 +134,9 @@
#endif
{ SADB_X_EALG_CAST128CBC, "cast128-cbc", },
{ SADB_X_EALG_BLOWFISHCBC, "blowfish-cbc", },
+#ifdef SADB_X_EALG_RIJNDAELCBC
+ { SADB_X_EALG_RIJNDAELCBC, "rijndael-cbc", },
+#endif
{ -1, NULL },
};
diff -r ab281d861b29 -r 4f3a92b4bf23 usr.sbin/tcpdump/ipsec_doi.h
--- a/usr.sbin/tcpdump/ipsec_doi.h Wed Oct 04 17:39:35 2000 +0000
+++ b/usr.sbin/tcpdump/ipsec_doi.h Wed Oct 04 17:44:27 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_doi.h,v 1.2 1999/07/04 02:57:51 itojun Exp $ */
+/* $NetBSD: ipsec_doi.h,v 1.2.8.1 2000/10/04 17:44:29 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -53,6 +53,9 @@
#define IPSECDOI_AH_MD5 2
#define IPSECDOI_AH_SHA 3
#define IPSECDOI_AH_DES 4
+#define IPSECDOI_AH_SHA2_256 5
+#define IPSECDOI_AH_SHA2_384 6
+#define IPSECDOI_AH_SHA2_512 7
/* 4.4.1 IPSEC Security Protocol Identifiers */
#define IPSECDOI_PROTO_IPSEC_ESP 3
@@ -68,6 +71,8 @@
#define IPSECDOI_ESP_DES_IV32 9
#define IPSECDOI_ESP_RC4 10
#define IPSECDOI_ESP_NULL 11
+#define IPSECDOI_ESP_RIJNDAEL 12
+#define IPSECDOI_ESP_AES 12
/* 4.4.1 IPSEC Security Protocol Identifiers */
#define IPSECDOI_PROTO_IPCOMP 4
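Review bot: `IPSECDOI_ESP_RIJNDAEL` and `IPSECDOI_ESP_AES` are both defined as the literal 12 with nothing saying they are deliberate aliases, so a later edit to one can silently diverge from the other, and a `switch` carrying both labels will not compile. Defining the second in terms of the first makes the intent explicit: `#define IPSECDOI_ESP_AES IPSECDOI_ESP_RIJNDAEL /* same transform id */`. If the value 12 was taken from a draft, as the setkey.8 entry for this cipher is, a short comment naming the source would help whoever later compares decoded ISAKMP output against the assigned numbers.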
@@ -75,7 +80,6 @@
#define IPSECDOI_IPCOMP_OUI 1
#define IPSECDOI_IPCOMP_DEFLATE 2
#define IPSECDOI_IPCOMP_LZS 3
-#define IPSECDOI_IPCOMP_V42BIS 4
/* 4.5 IPSEC Security Association Attributes */
#define IPSECDOI_ATTR_SA_LTYPE 1 /* B */
@@ -90,16 +94,17 @@
#define IPSECDOI_ATTR_ENC_MODE_TUNNEL 1
#define IPSECDOI_ATTR_ENC_MODE_TRNS 2
#define IPSECDOI_ATTR_AUTH 5 /* B */
+ /* 0 means not to use authentication. */
#define IPSECDOI_ATTR_AUTH_HMAC_MD5 1
#define IPSECDOI_ATTR_AUTH_HMAC_SHA1 2
#define IPSECDOI_ATTR_AUTH_DES_MAC 3
-#define IPSECDOI_ATTR_AUTH_KPDK 4
+#define IPSECDOI_ATTR_AUTH_KPDK 4 /*RFC-1826(Key/Pad/Data/Key)*/
/*
- When negotiating ESP without authentication, the Auth
- Algorithm attribute MUST NOT be included in the proposal.
- When negotiating ESP without confidentiality, the Auth
- Algorithm attribute MUST be included in the proposal and
- the ESP transform ID must be ESP_NULL.
+ * When negotiating ESP without authentication, the Auth
+ * Algorithm attribute MUST NOT be included in the proposal.
+ * When negotiating ESP without confidentiality, the Auth
+ * Algorithm attribute MUST be included in the proposal and
+ * the ESP transform ID must be ESP_NULL.
*/
#define IPSECDOI_ATTR_KEY_LENGTH 6 /* B */
#define IPSECDOI_ATTR_KEY_ROUNDS 7 /* B */
@@ -111,12 +116,12 @@
struct isakmp_gen h;
u_int32_t doi; /* Domain of Interpretation */
u_int32_t sit; /* Situation */
-};
+} __attribute__((__packed__));
struct ipsecdoi_secrecy_h {
u_int16_t len;
u_int16_t reserved;
-};
+} __attribute__((__packed__));
/* 4.6.2.1 Identification Type Values */
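Review bot: `__attribute__((__packed__))` is written out on both structs in this hunk (and again on `struct ipsecdoi_id` in the next hunk and throughout usr.sbin/tcpdump/isakmp.h) with no comment saying why and no fallback for a compiler that does not accept the GNU attribute. If the intent is that these structs are overlaid on captured packet bytes, a comment such as `/* wire format: packed so member offsets match the packet and alignment is 1 */` would record that, and a single macro defined once in a shared header would keep the spelling in one place. Packing only fixes layout: the dissector still has to check the captured length before reading `len`, `doi` or `sit` from untrusted traffic, and that check is not visible here. The first struct's opening line is outside the hunk.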
struct ipsecdoi_id {
@@ -125,7 +130,7 @@
u_int8_t proto_id; /* Protocol ID */
u_int16_t port; /* Port */
/* Identification Data */
-};
+} __attribute__((__packed__));
#define IPSECDOI_ID_IPV4_ADDR 1
#define IPSECDOI_ID_FQDN 2
@@ -145,22 +150,4 @@
#define IPSECDOI_NTYPE_REPLAY_STATUS 24577
#define IPSECDOI_NTYPE_INITIAL_CONTACT 24578
-#if 0
-/* ipsec sa structure */
-struct ipsec_sa {
- u_int8_t proto_id; /* Protocol id */
- vchar_t *spi; /* spi to receive, network byte order */
- vchar_t *spi_p; /* spi to send, network byte order */
- vchar_t *keymat; /* KEYMAT */
- u_int8_t t_id; /* transform id */
- u_int8_t enc_t; /* type of cipher */
- u_int8_t mode_t; /* tunnel or transport */
- u_int8_t hash_t; /* type of hash */
- u_int8_t life_t; /* type of duration of lifetime */
- u_int32_t ldur; /* life duration */
- u_int8_t dhgrp; /* DH; group */
- struct ipsec_sa *next;
-};
-#endif
-
#endif /* !defined(_IPSEC_DOI_H_) */
diff -r ab281d861b29 -r 4f3a92b4bf23 usr.sbin/tcpdump/isakmp.h
--- a/usr.sbin/tcpdump/isakmp.h Wed Oct 04 17:39:35 2000 +0000
+++ b/usr.sbin/tcpdump/isakmp.h Wed Oct 04 17:44:27 2000 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp.h,v 1.3 2000/01/02 13:15:53 itojun Exp $ */
+/* $NetBSD: isakmp.h,v 1.3.4.1 2000/10/04 17:44:30 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -43,7 +43,7 @@
typedef struct { /* i_cookie + r_cookie */
cookie_t i_ck;
cookie_t r_ck;
-} isakmp_index;
+} __attribute__((__packed__)) isakmp_index;
#define INITIATOR 1
#define RESPONDER 2
@@ -112,7 +112,7 @@
u_int8_t flags; /* Flags */
msgid_t msgid;
u_int32_t len; /* Length */
-};
+} __attribute__((__packed__));
/* Next Payload Type */
#define ISAKMP_NPTYPE_NONE 0 /* NONE*/
@@ -155,7 +155,7 @@
u_int8_t np; /* Next Payload */
u_int8_t reserved; /* RESERVED, unused, must set to 0 */
u_int16_t len; /* Payload Length */
-};
+} __attribute__((__packed__));
/* 3.3 Data Attributes
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
@@ -172,7 +172,7 @@
u_int16_t lorv; /* if f equal 1, Attribute Length */
/* if f equal 0, Attribute Value */
/* if f equal 1, Attribute Value */
-};
+} __attribute__((__packed__));
#define ISAKMP_GEN_TLV 0x0000
#define ISAKMP_GEN_TV 0x8000
/* mask for type of attribute format */
@@ -194,7 +194,7 @@
struct isakmp_gen h;
u_int32_t doi; /* Domain of Interpretation */
u_int32_t sit; /* Situation */
-};
+} __attribute__((__packed__));
/* 3.5 Proposal Payload */
/*
@@ -211,7 +211,7 @@
u_int8_t spi_size; /* SPI Size */
u_int8_t num_t; /* Number of Transforms */
/* SPI */
-};
+} __attribute__((__packed__));
/* 3.6 Transform Payload */
/*
@@ -226,13 +226,13 @@
u_int8_t t_id; /* Transform-Id */
u_int16_t reserved; /* RESERVED2 */
/* SA Attributes */
-};
+} __attribute__((__packed__));
/* 3.7 Key Exchange Payload */
struct isakmp_pl_ke {
struct isakmp_gen h;
/* Key Exchange Data */
-};
+} __attribute__((__packed__));
/* 3.8 Identification Payload */
/* MUST NOT to be used, because of being defined in ipsec-doi. */
@@ -243,7 +243,7 @@
u_int32_t doi_data; /* DOI Specific ID Data */
} d;
/* Identification Data */