Source-Changes-HG archive
[src/trunk]: src upgrade libipsec to the latest.
details: https://anonhg.NetBSD.org/src/rev/01a040e96cbe
branches: trunk
changeset: 481442:01a040e96cbe
user: itojun <itojun%NetBSD.org@localhost>
date: Mon Jan 31 14:15:30 2000 +0000
description:
upgrade libipsec to the latest.
- parser now uses yacc/lex (there'll be no symbol conflict).
- outbound policy and inbound policy are now separate
- policy specification for tunnel SA is improved
- api changed, bump shlib major
XXX some programs will become unbuildable - will commit shortly
diffstat:
distrib/sets/lists/base/shl.elf | 4 +-
distrib/sets/lists/base/shl.mi | 4 +-
lib/libipsec/Makefile | 19 +-
lib/libipsec/ipsec_policy.c | 667 ------------
lib/libipsec/ipsec_set_policy.3 | 168 ++-
lib/libipsec/ipsec_strerror.3 | 19 +-
lib/libipsec/ipsec_strerror.c | 6 +-
lib/libipsec/ipsec_strerror.h | 44 +-
lib/libipsec/pfkey.c | 2139 ++++++++++++++++++++------------------
lib/libipsec/pfkey_dump.c | 213 ++-
lib/libipsec/shlib_version | 4 +-
11 files changed, 1449 insertions(+), 1838 deletions(-)
diffs (truncated from 3821 to 300 lines):
diff -r f942722cc0dd -r 01a040e96cbe distrib/sets/lists/base/shl.elf
--- a/distrib/sets/lists/base/shl.elf Mon Jan 31 13:39:08 2000 +0000
+++ b/distrib/sets/lists/base/shl.elf Mon Jan 31 14:15:30 2000 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: shl.elf,v 1.14 1999/11/23 11:20:29 blymn Exp $
+# $NetBSD: shl.elf,v 1.15 2000/01/31 14:15:34 itojun Exp $
./usr/lib/libamu.so.1
./usr/lib/libbfd.so.3
./usr/lib/libbz2.so.0
@@ -8,7 +8,7 @@
./usr/lib/libedit.so.2
./usr/lib/libg2c.so.0
./usr/lib/libgnumalloc.so.0
-./usr/lib/libipsec.so.0
+./usr/lib/libipsec.so.1
./usr/lib/libkvm.so.5
./usr/lib/libm.so.0
./usr/lib/libmenu.so.0
diff -r f942722cc0dd -r 01a040e96cbe distrib/sets/lists/base/shl.mi
--- a/distrib/sets/lists/base/shl.mi Mon Jan 31 13:39:08 2000 +0000
+++ b/distrib/sets/lists/base/shl.mi Mon Jan 31 14:15:30 2000 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: shl.mi,v 1.52 2000/01/28 17:40:41 itojun Exp $
+# $NetBSD: shl.mi,v 1.53 2000/01/31 14:15:34 itojun Exp $
./usr/lib/libamu.so.1.1
./usr/lib/libbfd.so.3.0
./usr/lib/libbz2.so.0.0
@@ -8,7 +8,7 @@
./usr/lib/libedit.so.2.3
./usr/lib/libg2c.so.0.0
./usr/lib/libgnumalloc.so.0.0
-./usr/lib/libipsec.so.0.0
+./usr/lib/libipsec.so.1.0
./usr/lib/libkvm.so.5.0
./usr/lib/libm.so.0.1
./usr/lib/libmenu.so.0.1
diff -r f942722cc0dd -r 01a040e96cbe lib/libipsec/Makefile
--- a/lib/libipsec/Makefile Mon Jan 31 13:39:08 2000 +0000
+++ b/lib/libipsec/Makefile Mon Jan 31 14:15:30 2000 +0000
@@ -1,17 +1,24 @@
-# $NetBSD: Makefile,v 1.2 1999/07/03 06:59:28 itojun Exp $
+# $NetBSD: Makefile,v 1.3 2000/01/31 14:15:30 itojun Exp $
LIB= ipsec
-#CFLAGS+=-g
-CPPFLAGS+=-DIPSEC_DEBUG
-CPPFLAGS+=-DIPSEC
-CPPFLAGS+=-DINET6
+CFLAGS+=-g
+CPPFLAGS+=-DIPSEC_DEBUG -DIPSEC -DINET6 -I. -DYY_NO_UNPUT
.PATH: ${.CURDIR}/../../sys/netkey
SRCS= pfkey.c pfkey_dump.c
-SRCS+= ipsec_policy.c ipsec_strerror.c key_debug.c
+SRCS+= ipsec_strerror.c policy_parse.y policy_token.l
+SRCS+= ipsec_get_policylen.c ipsec_dump_policy.c
+SRCS+= key_debug.c
+LPREFIX+=__libyy
+YPREFIX+=__libyy
+YHEADER=1
+
+#LFLAGS+= -olex.yy.c
MAN= ipsec_set_policy.3 ipsec_strerror.3
MLINKS+=ipsec_set_policy.3 ipsec_get_policylen.3 \
ipsec_set_policy.3 ipsec_dump_policy.3
+CLEANFILES+= y.tab.h
+
.include <bsd.lib.mk>
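Review bot: `CFLAGS+=-g` is now enabled unconditionally where the previous Makefile had it commented out, which looks like a development setting carried into the tree rather than an intended change to how the shared library is built. I would keep it as `#CFLAGS+=-g` and leave debug information to the builder's own flags. The commented-out `#LFLAGS+= -olex.yy.c` line is dead and should either be dropped or given a short comment saying why it is kept. The `LPREFIX`/`YPREFIX` lines deserve a one-line comment such as `# prefix lex/yacc symbols so they cannot clash with a parser in the calling program`, since the commit description gives that as the reason for them.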
diff -r f942722cc0dd -r 01a040e96cbe lib/libipsec/ipsec_policy.c
--- a/lib/libipsec/ipsec_policy.c Mon Jan 31 13:39:08 2000 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,667 +0,0 @@
-/* $NetBSD: ipsec_policy.c,v 1.3 1999/07/04 01:36:12 itojun Exp $ */
-
-/*
- * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. Neither the name of the project nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#if 0
-static char *rcsid = "@(#) ipsec_policy.c KAME Revision: 1.1.4.8";
-#else
-#include <sys/cdefs.h>
-#ifndef lint
-__RCSID("$NetBSD: ipsec_policy.c,v 1.3 1999/07/04 01:36:12 itojun Exp $");
-#endif
-#endif
-
-/*
- * The following requests are accepted:
- * protocol parsed as protocol/default/
- * protocol/level/proxy
- * protocol/ parsed as protocol/default/
- * protocol/level parsed as protocol/level/
- * protocol/level/ parsed as protocol/level/
- * protocol/proxy parsed as protocol/default/proxy
- * protocol//proxy parsed as protocol/default/proxy
- * protocol// parsed as protocol/default/
- * You can concatenate these requests with either ' ' or '\n'.
- */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/socket.h>
-#include <assert.h>
-
-#include <net/route.h>
-#include <netinet/in.h>
-#include <netinet6/ipsec.h>
-
-#include <netkey/keyv2.h>
-#include <netkey/key_var.h>
-
-#include <arpa/inet.h>
-
-#include <netdb.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <ctype.h>
-#include <strings.h>
-#include <errno.h>
-
-#include "ipsec_strerror.h"
-
-/* order must be the same */
-static char *tokens[] = {
- "discard", "none", "ipsec", "entrust", "bypass",
- "esp", "ah", "ipcomp", "default", "use", "require", "/", NULL
-};
-enum token {
- t_invalid = -1, t_discard, t_none, t_ipsec, t_entrust, t_bypass,
- t_esp, t_ah, t_ipcomp, t_default, t_use, t_require, t_slash, t_omit,
-};
-static int values[] = {
- IPSEC_POLICY_DISCARD, IPSEC_POLICY_NONE, IPSEC_POLICY_IPSEC,
- IPSEC_POLICY_ENTRUST, IPSEC_POLICY_BYPASS,
- IPPROTO_ESP, IPPROTO_AH, IPPROTO_IPCOMP,
- IPSEC_LEVEL_DEFAULT, IPSEC_LEVEL_USE, IPSEC_LEVEL_REQUIRE, 0, 0,
-};
-struct pbuf {
- char *buf;
- int buflen; /* size of the buffer */
- int off; /* current offset */
-};
-
-/* XXX duplicated def */
-static char *ipsp_strs[] = {
- "discard", "none", "ipsec", "entrust", "bypass",
-};
-
-static enum token gettoken(char *p);
-static char *skiptoken(char *p, enum token t);
-static char *skipspaces(char *p);
-static char *parse_request(struct pbuf *pbuf, char *p);
-static char *parse_policy(struct pbuf *pbuf, char *p);
-static char *get_sockaddr(char *host, struct sockaddr *addr);
-static int parse_setreq(struct pbuf *pbuf, int proto, int level,
- struct sockaddr *proxy);
-static int parse_main(struct pbuf *pbuf, char *policy);
-
-static enum token gettoken(char *p)
-{
- int i;
- int l;
-
- assert(p);
- for (i = 0; i < sizeof(tokens)/sizeof(tokens[0]); i++) {
- if (tokens[i] == NULL)
- continue;
- l = strlen(tokens[i]);
- if (strncmp(p, tokens[i], l) != 0)
- continue;
- /* slash alone is okay as token */
- if (i == t_slash)
- return i;
- /* other ones are words, so needs proper termination */
- if (isspace(p[l]) || p[l] == '/' || p[l] == '\0')
- return i;
- }
- return t_invalid;
-}
-
-static char *skiptoken(char *p, enum token t)
-{
- assert(p);
- assert(tokens[t] != NULL);
-
- if (gettoken(p) != t)
- return NULL;
- return p + strlen(tokens[t]);
-}
-
-static char *skipspaces(char *p)
-{
- assert(p);
- while (p && isspace(*p))
- p++;
- return p;
-}
-
-static char *parse_request(struct pbuf *pbuf, char *p)
-{
- enum token t;
- int i;
- enum token ts[3]; /* set of tokens */
- struct sockaddr_storage proxy;
- int isproxy;
-
- assert(p);
- assert(pbuf);
-
- i = 0;
-
- /*
- * here, we accept sequence like:
- * [token slash]* token
- * and decode that into ts[].
- */
- for (i = 0; i < sizeof(ts)/sizeof(ts[0]); i++)
- ts[i] = t_invalid;
- i = 0;
- while (i < sizeof(ts)/sizeof(ts[0])) {
- /* get a token */
- p = skipspaces(p);
- t = gettoken(p);
- switch (t) {
- case t_invalid:
- /*
- * this may be a proxy.
- * this shouldn't be a termination.
- */
- if (*p != '\0')
- goto breakbreak;
- goto parseerror;
- case t_esp:
- case t_ah:
- case t_ipcomp:
- case t_default:
- case t_use:
- case t_require:
- /*
- * protocol or level - just keep it into ts[],
- * we'll care about protocol/level ordering afterwards
- */
- ts[i++] = t;
- p = skiptoken(p, t);
- break;
- case t_slash:
- /*
- * the user did not specify the token - don't advance
- * the pointer.
- */
- ts[i++] = t_omit;
- break;
- default:
- /* bzz, you are wrong */
- goto parseerror;
- }
-
- /* get a slash */
- p = skipspaces(p);
- t = gettoken(p);
- switch (t) {
- case t_invalid:
- /* this may be a termination. */
- if (*p == '\0')
- goto breakbreak;
- goto parseerror;
- case t_esp:
- case t_ah:
- case t_ipcomp:
- /* protocol - we've hit the next request */
- goto breakbreak;
- case t_slash: