[src/netbsd-3]: src/crypto/dist/ipsec-tools/src Pull up revision 1.2 (request...
details: https://anonhg.NetBSD.org/src/rev/a74c725877b6
branches: netbsd-3
changeset: 575826:a74c725877b6
user: tron <tron%NetBSD.org@localhost>
date: Thu May 12 12:04:12 2005 +0000
description:
Pull up revision 1.2 (requested by manu in ticket #277):
More NAT-T fixes for the situation where racoon acts as a VPN client
Flush SA and generated SP on DPD timeout and deletion payloads
diffstat:
crypto/dist/ipsec-tools/src/libipsec/policy_parse.y | 54 +++++++++++++++++---
crypto/dist/ipsec-tools/src/libipsec/policy_token.l | 10 +++-
crypto/dist/ipsec-tools/src/racoon/isakmp_var.h | 8 ++-
crypto/dist/ipsec-tools/src/racoon/sockmisc.h | 8 ++-
4 files changed, 68 insertions(+), 12 deletions(-)
diffs (179 lines):
diff -r 2b8b3dc7a754 -r a74c725877b6 crypto/dist/ipsec-tools/src/libipsec/policy_parse.y
--- a/crypto/dist/ipsec-tools/src/libipsec/policy_parse.y Thu May 12 10:19:42 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/libipsec/policy_parse.y Thu May 12 12:04:12 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: policy_parse.y,v 1.1.1.2 2005/02/23 14:54:09 manu Exp $ */
+/* $NetBSD: policy_parse.y,v 1.1.1.2.2.1 2005/05/12 12:04:12 tron Exp $ */
/* $KAME: policy_parse.y,v 1.21 2003/12/12 08:01:26 itojun Exp $ */
@@ -112,7 +112,8 @@
struct _val;
extern void yyerror __P((char *msg));
-static struct sockaddr *parse_sockaddr __P((struct _val *buf));
+static struct sockaddr *parse_sockaddr __P((struct _val *addrbuf,
+ struct _val *portbuf));
static int rule_check __P((void));
static int init_x_policy __P((void));
static int set_x_request __P((struct sockaddr *src, struct sockaddr *dst));
@@ -142,11 +143,11 @@
%token PRIORITY PLUS
%token <num32> PRIO_BASE
%token <val> PRIO_OFFSET
-%token ACTION PROTOCOL MODE LEVEL LEVEL_SPECIFY IPADDRESS
+%token ACTION PROTOCOL MODE LEVEL LEVEL_SPECIFY IPADDRESS PORT
%token ME ANY
%token SLASH HYPHEN
%type <num> DIR PRIORITY ACTION PROTOCOL MODE LEVEL
-%type <val> IPADDRESS LEVEL_SPECIFY
+%type <val> IPADDRESS LEVEL_SPECIFY PORT
%%
policy_spec
@@ -341,13 +342,24 @@
addresses
: IPADDRESS {
- p_src = parse_sockaddr(&$1);
+ p_src = parse_sockaddr(&$1, NULL);
if (p_src == NULL)
return -1;
}
HYPHEN
IPADDRESS {
- p_dst = parse_sockaddr(&$4);
+ p_dst = parse_sockaddr(&$4, NULL);
+ if (p_dst == NULL)
+ return -1;
+ }
+ | IPADDRESS PORT {
+ p_src = parse_sockaddr(&$1, &$2);
+ if (p_src == NULL)
+ return -1;
+ }
+ HYPHEN
+ IPADDRESS PORT {
+ p_dst = parse_sockaddr(&$5, &$6);
if (p_dst == NULL)
return -1;
}
@@ -381,18 +393,41 @@
}
static struct sockaddr *
-parse_sockaddr(buf)
- struct _val *buf;
+parse_sockaddr(addrbuf, portbuf)
+ struct _val *addrbuf;
+ struct _val *portbuf;
{
struct addrinfo hints, *res;
+ char *addr;
char *serv = NULL;
int error;
struct sockaddr *newaddr = NULL;
+ if ((addr = malloc(addrbuf->len + 1)) == NULL) {
+ yyerror("malloc failed");
+ __ipsec_set_strerror(strerror(errno));
+ return NULL;
+ }
+
+ if (portbuf && ((serv = malloc(portbuf->len + 1)) == NULL)) {
+ free(addr);
+ yyerror("malloc failed");
+ __ipsec_set_strerror(strerror(errno));
+ return NULL;
+ }
+
+ strncpy(addr, addrbuf->buf, addrbuf->len);
+ if (portbuf)
+ strncpy(serv, portbuf->buf, portbuf->len);
+
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
hints.ai_flags = AI_NUMERICHOST;
- error = getaddrinfo(buf->buf, serv, &hints, &res);
+ hints.ai_socktype = SOCK_DGRAM;
+ error = getaddrinfo(addr, serv, &hints, &res);
+ free(addr);
+ if (serv != NULL)
+ free(serv);
if (error != 0) {
yyerror("invalid IP address");
__ipsec_set_strerror(gai_strerror(error));
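Review bot: The copies made by `strncpy(addr, addrbuf->buf, addrbuf->len)` and `strncpy(serv, portbuf->buf, portbuf->len)` are never NUL-terminated, because strncpy writes a terminator only when the source is shorter than the count and the extra byte from `malloc(len + 1)` is left uninitialized. For the port this is certain from the lexer rule in this commit, which passes `yytext + 1` with the closing `]` excluded from the length; for the address it depends on how IPADDRESS sets `len`, which is not visible here. getaddrinfo() then reads past the intended string into uninitialized heap, so parsing becomes nondeterministic and may read out of bounds. Add `addr[addrbuf->len] = '\0';` after the first copy and `serv[portbuf->len] = '\0';` inside the `if (portbuf)` branch, which then needs braces. The function body continues past the end of this hunk.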
@@ -510,6 +545,7 @@
return -1;
}
pbuf = n;
+
p = (struct sadb_x_ipsecrequest *)&pbuf[offset];
p->sadb_x_ipsecrequest_len = reqlen;
p->sadb_x_ipsecrequest_proto = p_protocol;
diff -r 2b8b3dc7a754 -r a74c725877b6 crypto/dist/ipsec-tools/src/libipsec/policy_token.l
--- a/crypto/dist/ipsec-tools/src/libipsec/policy_token.l Thu May 12 10:19:42 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/libipsec/policy_token.l Thu May 12 12:04:12 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: policy_token.l,v 1.1.1.2 2005/02/23 14:54:09 manu Exp $ */
+/* $NetBSD: policy_token.l,v 1.1.1.2.2.1 2005/05/12 12:04:12 tron Exp $ */
/* Id: policy_token.l,v 1.10 2004/11/14 20:15:43 monas Exp */
@@ -156,6 +156,14 @@
{hyphen} { return(HYPHEN); }
+{blcl}{decstring}{elcl} {
+ /* Remove leading '[' and trailing ']' */
+ yylval.val.buf = yytext + 1;
+ yylval.val.len = strlen(yytext) - 2;
+
+ return(PORT);
+ }
+
{ws} { ; }
{nl} { ; }
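Review bot: `yylval.val.buf` is set to `yytext + 1`, so the PORT value aliases the scanner buffer and is followed by the closing `]` rather than a terminator after `val.len` bytes, and nothing in the rule says so. A comment such as `/* buf aliases yytext and is NOT NUL-terminated at len; consumers must copy len bytes and terminate */` would make that contract explicit for the parser side. `yyleng - 2` would also avoid rescanning the token with `strlen(yytext)`. The rule does not bound the number of digits, so range-checking the port is left to whoever consumes the token.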
diff -r 2b8b3dc7a754 -r a74c725877b6 crypto/dist/ipsec-tools/src/racoon/isakmp_var.h
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h Thu May 12 10:19:42 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h Thu May 12 12:04:12 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_var.h,v 1.1.1.2 2005/02/23 14:54:21 manu Exp $ */
+/* $NetBSD: isakmp_var.h,v 1.1.1.2.2.1 2005/05/12 12:04:12 tron Exp $ */
/* Id: isakmp_var.h,v 1.9 2004/12/29 23:11:11 manubsd Exp */
@@ -123,4 +123,10 @@
extern void script_hook __P((struct ph1handle *, int));
extern int script_env_append __P((char ***, int *, char *, char *));
extern int script_exec __P((int, int, char * const *));
+
+void purge_remote __P((struct ph1handle *));
+void delete_spd __P((struct ph2handle *));
+#ifdef INET6
+u_int32_t setscopeid __P((struct sockaddr *, struct sockaddr *));
+#endif
#endif /* _ISAKMP_VAR_H */
diff -r 2b8b3dc7a754 -r a74c725877b6 crypto/dist/ipsec-tools/src/racoon/sockmisc.h
--- a/crypto/dist/ipsec-tools/src/racoon/sockmisc.h Thu May 12 10:19:42 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/sockmisc.h Thu May 12 12:04:12 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: sockmisc.h,v 1.1.1.2 2005/02/23 14:54:28 manu Exp $ */
+/* $NetBSD: sockmisc.h,v 1.1.1.2.2.1 2005/05/12 12:04:12 tron Exp $ */
/* Id: sockmisc.h,v 1.5 2004/07/12 20:43:51 ludvigm Exp */
@@ -49,6 +49,12 @@
extern int cmpsaddrwild __P((const struct sockaddr *, const struct sockaddr *));
extern int cmpsaddrstrict __P((const struct sockaddr *, const struct sockaddr *));
+#ifdef ENABLE_NATT
+#define CMPSADDR(saddr1, saddr2) cmpsaddrstrict((saddr1), (saddr2))
+#else
+#define CMPSADDR(saddr1, saddr2) cmpsaddrwop((saddr1), (saddr2))
+#endif
+
extern struct sockaddr *getlocaladdr __P((struct sockaddr *));
extern int recvfromto __P((int, void *, size_t, int,
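Review bot: `CMPSADDR` switches between `cmpsaddrstrict` and `cmpsaddrwop` on `ENABLE_NATT`, with no comment on how the two comparisons differ or why NAT-T needs the strict one. A short header comment stating which fields each variant compares would let a reader judge how the build flag changes address matching; the names suggest with and without port, but that is not visible here. No prototype for `cmpsaddrwop` appears in the hunk's context lines, so confirm it is declared earlier in this header.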