
[src/trunk]: src/crypto/dist/kame KAME racoon as of 2002/4/26



details:   https://anonhg.NetBSD.org/src/rev/dcbbf201f487
branches:  trunk
changeset: 526130:dcbbf201f487
user:      itojun <itojun%NetBSD.org@localhost>
date:      Fri Apr 26 02:16:38 2002 +0000

description:
KAME racoon as of 2002/4/26

diffstat:

 crypto/dist/kame/libipsec/ipsec_dump_policy.c |    6 +-
 crypto/dist/kame/libipsec/pfkey_dump.c        |   84 ++-
 crypto/dist/kame/libipsec/policy_parse.y      |    6 +-
 crypto/dist/kame/racoon/Makefile.in           |    9 +-
 crypto/dist/kame/racoon/TODO                  |   21 +-
 crypto/dist/kame/racoon/algorithm.c           |   14 +-
 crypto/dist/kame/racoon/algorithm.h           |    3 +-
 crypto/dist/kame/racoon/configure             |  513 +++++++++++----------
 crypto/dist/kame/racoon/configure.in          |   10 +
 crypto/dist/kame/racoon/crypto_openssl.h      |    7 +-
 crypto/dist/kame/racoon/debugrm.c             |  274 +++++++++++
 crypto/dist/kame/racoon/debugrm.h             |   87 +++
 crypto/dist/kame/racoon/dhgroup.h             |   39 +-
 crypto/dist/kame/racoon/doc/pattern           |   14 +-
 crypto/dist/kame/racoon/doc/redmond.txt       |   36 +-
 crypto/dist/kame/racoon/eaytest.c             |  614 +++++++++++++++++--------
 crypto/dist/kame/racoon/gcmalloc.h            |    6 +-
 crypto/dist/kame/racoon/grabmyaddr.h          |    4 +-
 crypto/dist/kame/racoon/handler.c             |  235 +++++++--
 crypto/dist/kame/racoon/handler.h             |   37 +-
 crypto/dist/kame/racoon/isakmp_agg.c          |   44 +-
 crypto/dist/kame/racoon/isakmp_base.c         |   62 +-
 crypto/dist/kame/racoon/isakmp_ident.c        |  155 ++++--
 crypto/dist/kame/racoon/isakmp_var.h          |    6 +-
 crypto/dist/kame/racoon/localconf.h           |    6 +-
 crypto/dist/kame/racoon/oakley.h              |    3 +-
 crypto/dist/kame/racoon/pfkey.c               |   52 +-
 crypto/dist/kame/racoon/plog.h                |    5 +-
 crypto/dist/kame/racoon/policy.c              |   42 +-
 crypto/dist/kame/racoon/policy.h              |    3 +-
 crypto/dist/kame/racoon/proposal.c            |  154 +++--
 crypto/dist/kame/racoon/remoteconf.c          |    8 +-
 crypto/dist/kame/racoon/remoteconf.h          |    6 +-
 crypto/dist/kame/racoon/sainfo.c              |    3 +-
 crypto/dist/kame/racoon/schedule.c            |   21 +-
 crypto/dist/kame/racoon/session.c             |   13 +-
 crypto/dist/kame/racoon/sockmisc.c            |   65 +-
 crypto/dist/kame/racoon/sockmisc.h            |    4 +-
 crypto/dist/kame/racoon/strnames.c            |    9 +-
 crypto/dist/kame/racoon/var.h                 |    6 +-
 crypto/dist/kame/racoon/vmbuf.c               |    3 +-
 crypto/dist/kame/racoon/vmbuf.h               |    4 +-
 42 files changed, 1778 insertions(+), 915 deletions(-)

diffs (truncated from 5973 to 300 lines):

diff -r 36665a68ac6f -r dcbbf201f487 crypto/dist/kame/libipsec/ipsec_dump_policy.c
--- a/crypto/dist/kame/libipsec/ipsec_dump_policy.c     Fri Apr 26 02:05:07 2002 +0000
+++ b/crypto/dist/kame/libipsec/ipsec_dump_policy.c     Fri Apr 26 02:16:38 2002 +0000
@@ -1,4 +1,4 @@
-/*     $KAME: ipsec_dump_policy.c,v 1.11 2000/05/07 05:29:47 itojun Exp $      */
+/*     $KAME: ipsec_dump_policy.c,v 1.12 2001/11/13 12:38:47 jinmei Exp $      */
 
 /*
  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@@ -291,11 +291,7 @@
        size_t len;
        struct sockaddr *sa;
 {
-#ifdef NI_WITHSCOPEID
-       const int niflags = NI_NUMERICHOST | NI_WITHSCOPEID;
-#else
        const int niflags = NI_NUMERICHOST;
-#endif
 
        if (len < 1)
                return NULL;
diff -r 36665a68ac6f -r dcbbf201f487 crypto/dist/kame/libipsec/pfkey_dump.c
--- a/crypto/dist/kame/libipsec/pfkey_dump.c    Fri Apr 26 02:05:07 2002 +0000
+++ b/crypto/dist/kame/libipsec/pfkey_dump.c    Fri Apr 26 02:16:38 2002 +0000
@@ -1,4 +1,4 @@
-/*     $KAME: pfkey_dump.c,v 1.30 2001/06/27 13:20:15 sakane Exp $     */
+/*     $KAME: pfkey_dump.c,v 1.35 2001/11/13 12:38:47 jinmei Exp $     */
 
 /*
  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@@ -99,7 +99,8 @@
 } while (0)
 
 static char *str_ipaddr __P((struct sockaddr *));
-static char *str_prefport __P((u_int, u_int, u_int));
+static char *str_prefport __P((u_int, u_int, u_int, u_int));
+static void str_upperspec __P((u_int, u_int, u_int));
 static char *str_time __P((time_t));
 static void str_lifetime_byte __P((struct sadb_lifetime *, char *));
 
@@ -130,22 +131,6 @@
        "tunnel",
 };
 
-static char *str_upper[] = {
-/*0*/  "ip", "icmp", "igmp", "ggp", "ip4",
-       "", "tcp", "", "egp", "",
-/*10*/ "", "", "", "", "",
-       "", "", "udp", "", "",
-/*20*/ "", "", "idp", "", "",
-       "", "", "", "", "tp",
-/*30*/ "", "", "", "", "",
-       "", "", "", "", "",
-/*40*/ "", "ip6", "", "rt6", "frag6",
-       "", "rsvp", "gre", "", "",
-/*50*/ "esp", "ah", "", "", "",
-       "", "", "", "icmp6", "none",
-/*60*/ "dst6",
-};
-
 static char *str_state[] = {
        "larval",
        "mature",
@@ -371,7 +356,7 @@
        struct sadb_x_policy *m_xpl;
        struct sadb_lifetime *m_lftc = NULL, *m_lfth = NULL;
        struct sockaddr *sa;
-       u_int16_t port;
+       u_int16_t sport = 0, dport = 0;
 
        /* check pfkey message. */
        if (pfkey_align(m, mhp)) {
@@ -400,12 +385,13 @@
        case AF_INET6:
                if (getnameinfo(sa, sa->sa_len, NULL, 0, pbuf, sizeof(pbuf),
                    NI_NUMERICSERV) != 0)
-                       port = 0;       /*XXX*/
+                       sport = 0;      /*XXX*/
                else
-                       port = atoi(pbuf);
+                       sport = atoi(pbuf);
                printf("%s%s ", str_ipaddr(sa),
                        str_prefport(sa->sa_family,
-                           m_saddr->sadb_address_prefixlen, port));
+                           m_saddr->sadb_address_prefixlen, sport,
+                           m_saddr->sadb_address_proto));
                break;
        default:
                printf("unknown-af ");
@@ -423,12 +409,13 @@
        case AF_INET6:
                if (getnameinfo(sa, sa->sa_len, NULL, 0, pbuf, sizeof(pbuf),
                    NI_NUMERICSERV) != 0)
-                       port = 0;       /*XXX*/
+                       dport = 0;      /*XXX*/
                else
-                       port = atoi(pbuf);
+                       dport = atoi(pbuf);
                printf("%s%s ", str_ipaddr(sa),
                        str_prefport(sa->sa_family,
-                           m_daddr->sadb_address_prefixlen, port));
+                           m_daddr->sadb_address_prefixlen, dport,
+                           m_saddr->sadb_address_proto));
                break;
        default:
                printf("unknown-af ");
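Review bot: The destination address is formatted with `m_saddr->sadb_address_proto` rather than `m_daddr->sadb_address_proto` in the new `str_prefport(...)` call for `m_daddr`. The "upper layer protocol mismatched" check in the following hunk appears to run only after both addresses have been printed, so a message whose two protocols differ would have its destination port rendered under the source's protocol before the mismatch is reported. If the two fields are required to agree here, `m_daddr->sadb_address_proto` reads as the intended field and costs nothing; if they may legitimately differ, a short comment saying why the source's protocol governs both sides would help. The enclosing function starts and ends outside this hunk.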
@@ -440,10 +427,7 @@
                printf("upper layer protocol mismatched.\n");
                return;
        }
-       if (m_saddr->sadb_address_proto == IPSEC_ULPROTO_ANY)
-               printf("any");
-       else
-               GETMSGSTR(str_upper, m_saddr->sadb_address_proto);
+       str_upperspec(m_saddr->sadb_address_proto, sport, dport);
 
        /* policy */
     {
@@ -494,11 +478,7 @@
        struct sockaddr *sa;
 {
        static char buf[NI_MAXHOST];
-#ifdef NI_WITHSCOPEID
-       const int niflag = NI_NUMERICHOST | NI_WITHSCOPEID;
-#else
        const int niflag = NI_NUMERICHOST;
-#endif
 
        if (sa == NULL)
                return "";
@@ -512,8 +492,8 @@
  * set "/prefix[port number]" to buffer.
  */
 static char *
-str_prefport(family, pref, port)
-       u_int family, pref, port;
+str_prefport(family, pref, port, ulp)
+       u_int family, pref, port, ulp;
 {
        static char buf[128];
        char prefbuf[10];
@@ -536,7 +516,9 @@
        else
                snprintf(prefbuf, sizeof(prefbuf), "/%u", pref);
 
-       if (port == IPSEC_PORT_ANY)
+       if (ulp == IPPROTO_ICMPV6)
+               memset(portbuf, 0, sizeof(portbuf));
+       else if (ulp != IPPROTO_ICMPV6 && port == IPSEC_PORT_ANY)
                snprintf(portbuf, sizeof(portbuf), "[%s]", "any");
        else
                snprintf(portbuf, sizeof(portbuf), "[%u]", port);
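Review bot: The `ulp != IPPROTO_ICMPV6 &&` in the new `else if` is redundant, since that branch is only reached when the preceding `if (ulp == IPPROTO_ICMPV6)` was false; `else if (port == IPSEC_PORT_ANY)` says the same thing without making a reader wonder what third case is being excluded. Clearing the port text with `memset(portbuf, 0, sizeof(portbuf))` also does more than needed for a string that is only ever read as text; `portbuf[0] = '\0';` expresses the intent (no "[port]" suffix for ICMPv6, whose type/code are printed elsewhere) more directly. A one-line comment such as `/* ICMPv6: the port fields carry type/code, printed by str_upperspec() */` would explain why the suffix is suppressed. str_prefport begins and ends outside this hunk.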
@@ -546,6 +528,36 @@
        return buf;
 }
 
+static void
+str_upperspec(ulp, p1, p2)
+       u_int ulp, p1, p2;
+{
+       if (ulp == IPSEC_ULPROTO_ANY)
+               printf("any");
+       else if (ulp == IPPROTO_ICMPV6) {
+               printf("icmp6");
+               if (!(p1 == IPSEC_PORT_ANY && p2 == IPSEC_PORT_ANY))
+                       printf(" %d,%d", p1, p2);
+       } else {
+               struct protoent *ent;
+
+               switch (ulp) {
+               case IPPROTO_IPV4:
+                       printf("ip4");
+                       break;
+               default:
+                       ent = getprotobynumber(ulp);
+                       if (ent)
+                               printf("%s", ent->p_name);
+                       else
+                               printf("%d", ulp);
+
+                       endprotoent();
+                       break;
+               }
+       }
+}
+
 /*
  * set "Mon Day Time Year" to buffer
  */
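Review bot: `printf(" %d,%d", p1, p2)` and `printf("%d", ulp)` in the new str_upperspec pass `u_int` arguments to `%d`; the conversion should match the type, i.e. `printf(" %u,%u", p1, p2);` and `printf("%u", ulp);`, which also avoids a negative rendering for values above INT_MAX. The function is the only one in this hunk without the file's usual leading comment block (compare the "set ..." comments on its neighbours); a header such as `/* print the upper layer protocol spec; for ICMPv6 the two port fields are presumably type,code and are printed after the name */` would document the special case, with "presumably" dropped once the type/code interpretation is confirmed against the policy parser. Calling `endprotoent()` after every `getprotobynumber()` is correct for closing the database but could be noted as deliberate, since it also discards any cached state between calls.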
diff -r 36665a68ac6f -r dcbbf201f487 crypto/dist/kame/libipsec/policy_parse.y
--- a/crypto/dist/kame/libipsec/policy_parse.y  Fri Apr 26 02:05:07 2002 +0000
+++ b/crypto/dist/kame/libipsec/policy_parse.y  Fri Apr 26 02:16:38 2002 +0000
@@ -1,4 +1,4 @@
-/*     $KAME: policy_parse.y,v 1.10 2000/05/07 05:25:03 itojun Exp $   */
+/*     $KAME: policy_parse.y,v 1.11 2001/08/31 09:44:18 itojun Exp $   */
 
 /*
  * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
@@ -87,6 +87,8 @@
 extern int yyparse __P((void));
 extern int yylex __P((void));
 
+extern char *__libyytext;      /*XXX*/
+
 %}
 
 %union {
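Review bot: The hoisted declaration `extern char *__libyytext; /*XXX*/` keeps a bare XXX marker at file scope without saying what is questionable about it. The name is of the form reserved to the implementation (leading double underscore), which presumably comes from the lexer being generated with a `__libyy` prefix; the comment should state that, e.g. `/* XXX: yytext of the prefixed lexer, exported for yyerror() */`, so the next reader knows the name is not ours to change.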
@@ -209,8 +211,6 @@
 yyerror(msg)
        char *msg;
 {
-       extern char *__libyytext;       /*XXX*/
-
        fprintf(stderr, "libipsec: %s while parsing \"%s\"\n",
                msg, __libyytext);
 
diff -r 36665a68ac6f -r dcbbf201f487 crypto/dist/kame/racoon/Makefile.in
--- a/crypto/dist/kame/racoon/Makefile.in       Fri Apr 26 02:05:07 2002 +0000
+++ b/crypto/dist/kame/racoon/Makefile.in       Fri Apr 26 02:16:38 2002 +0000
@@ -1,4 +1,4 @@
-#      $KAME: Makefile.in,v 1.35 2001/08/08 22:09:26 sakane Exp $
+#      $KAME: Makefile.in,v 1.36 2001/11/16 04:34:55 sakane Exp $
 
 @SET_MAKE@
 srcdir=        @srcdir@
@@ -30,7 +30,7 @@
        policy.o localconf.o remoteconf.o crypto_openssl.o algorithm.o \
        proposal.o sainfo.o cfparse.o cftoken.o strnames.o \
        vmbuf.o plog.o logger.o schedule.o str2val.o misc.o sockmisc.o \
-       safefile.o backupsa.o @LIBOBJS@ @CRYPTOBJS@
+       safefile.o backupsa.o @LIBOBJS@ @CRYPTOBJS@ @DEBUGRMOBJS@
 # under samples
 CONF=  psk.txt racoon.conf
 
@@ -40,14 +40,15 @@
        $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS)
 
 racoonctl: kmpstat.o misc_noplog.o vmbuf.o str2val.o
-       $(CC) $(LDFLAGS) -o $@ kmpstat.o misc_noplog.o vmbuf.o str2val.o $(LIBS)
+       $(CC) $(LDFLAGS) -o $@ kmpstat.o misc_noplog.o vmbuf.o str2val.o \
+               $(LIBS) @DEBUGRMOBJS@
 
 pfkey: dummy.o
        $(CC) $(LDFLAGS) -o $@ dummy.o
 
 eaytest: eaytest.o crypto_openssl_test.o misc_noplog.o vmbuf.o str2val.o
        $(CC) $(LDFLAGS) -o $@ eaytest.o crypto_openssl_test.o misc_noplog.o \
-               vmbuf.o str2val.o $(LIBS) @CRYPTOBJS@
+               vmbuf.o str2val.o $(LIBS) @CRYPTOBJS@ @DEBUGRMOBJS@
 
 # special object rules
 crypto_openssl_test.o: crypto_openssl.c
diff -r 36665a68ac6f -r dcbbf201f487 crypto/dist/kame/racoon/TODO
--- a/crypto/dist/kame/racoon/TODO      Fri Apr 26 02:05:07 2002 +0000
+++ b/crypto/dist/kame/racoon/TODO      Fri Apr 26 02:16:38 2002 +0000
@@ -1,4 +1,4 @@
-$KAME: TODO,v 1.35 2000/10/04 17:40:58 itojun Exp $
+$KAME: TODO,v 1.36 2001/09/19 09:41:39 sakane Exp $
 
 Please send any questions or bug reports to snap-users%kame.net@localhost.
 
@@ -10,23 +10,15 @@
   "logfile racoon.%s.log", should be useful here.
   -> beware of possible security issue, don't use sprintf() directly!
      make validation before giving a string to sprintf().
-o fix flag for logging
 o save decrypted IKE packet in tcpdump format
 o IPComp SA with wellknown CPI in CPI field.  how to handle it?
-o hunt for memory leaks
 o better rekey
 
 MUST
-o Certificate type handling.  e.g. CRL, CR, PGP...
 o multiple certificate payload handling.
 o To consider the use with certificate infrastructure.  PXIX ???
-o Support scoped (link-local and site-local) IPv6 addresses.
-  It needs pfkey modification for scope IDs, and advanced API (RFC2292)
-  related mods in racoon itself.
 o kmstat should be improved.
-o aggressive mode DH group checks/handling on responder side.
 o Informational Exchange processing properly.
-o mandatory configuration check.
 o require less configuration.  phase 2 is easier (as kernel presents racoon
   some hints), phase 1 is harder.  for example,
   - grab phase 2 lifetime and algorith configuration from sadb_comb payloads in
@@ -44,18 +36,11 @@
                (is "strict" a reasonable default?)
        guess which mode to use for phase 1 negotiation (is main mode useful?
                is base mode popular enough?)
-o psk.txt should be a database? (psk.db?)  psk_mkdb?
+o more acceptable check.
 
 SHOULD
-o how to support multi interfaces ?
-  - perform a dummy connect(2), like ping6.
-  - bind multi address, like named.
-  now racoon uses the former way.
-o DSA signature authentication method.
-o more acceptable check.
-o New group mode should be considered.


