Source-Changes-HG archive
[src/trunk]: src/sys nuke sadb_x_ident_id, wihich violates pfkey standard.
details: https://anonhg.NetBSD.org/src/rev/c24474937e63
branches: trunk
changeset: 494083:c24474937e63
user: itojun <itojun%NetBSD.org@localhost>
date: Sat Jul 01 01:01:34 2000 +0000
description:
nuke sadb_x_ident_id, which violates pfkey standard.
correct get/set SA handling.
(from kame)
diffstat:
sys/net/pfkeyv2.h | 13 +---
sys/netkey/key.c | 163 +++++++++++++++++++++---------------------------
sys/netkey/key_debug.c | 15 +---
3 files changed, 74 insertions(+), 117 deletions(-)
diffs (truncated from 361 to 300 lines):
diff -r d4e5ed6fddab -r c24474937e63 sys/net/pfkeyv2.h
--- a/sys/net/pfkeyv2.h Sat Jul 01 00:05:27 2000 +0000
+++ b/sys/net/pfkeyv2.h Sat Jul 01 01:01:34 2000 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: pfkeyv2.h,v 1.5 2000/06/12 10:40:37 itojun Exp $ */
-/* $KAME: pfkeyv2.h,v 1.16 2000/06/10 06:39:54 sakane Exp $ */
+/* $NetBSD: pfkeyv2.h,v 1.6 2000/07/01 01:01:34 itojun Exp $ */
+/* $KAME: pfkeyv2.h,v 1.17 2000/06/22 08:38:33 sakane Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -135,15 +135,6 @@
u_int16_t sadb_ident_reserved;
u_int64_t sadb_ident_id;
};
-/* in order to use to divide sadb_ident.sadb_ident_id */
-union sadb_x_ident_id {
- u_int64_t sadb_x_ident_id;
- struct _sadb_x_ident_id_addr {
- u_int16_t prefix;
- u_int16_t ul_proto;
- u_int32_t reserved;
- } sadb_x_ident_id_addr;
-};
struct sadb_sens {
u_int16_t sadb_sens_len;
diff -r d4e5ed6fddab -r c24474937e63 sys/netkey/key.c
--- a/sys/netkey/key.c Sat Jul 01 00:05:27 2000 +0000
+++ b/sys/netkey/key.c Sat Jul 01 01:01:34 2000 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: key.c,v 1.25 2000/06/28 03:29:45 mrg Exp $ */
-/* $KAME: key.c,v 1.132 2000/06/15 13:41:49 itojun Exp $ */
+/* $NetBSD: key.c,v 1.26 2000/07/01 01:01:35 itojun Exp $ */
+/* $KAME: key.c,v 1.137 2000/06/24 00:47:07 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -292,7 +292,7 @@
bzero((idx), sizeof(struct secasindex)); \
(idx)->proto = (p); \
(idx)->mode = (m); \
- (idx)->reqid = (r); ; \
+ (idx)->reqid = (r); \
bcopy((s), &(idx)->src, ((struct sockaddr *)(s))->sa_len); \
bcopy((d), &(idx)->dst, ((struct sockaddr *)(d))->sa_len); \
} while (0)
@@ -352,8 +352,10 @@
static struct mbuf *key_setsadbsa __P((struct secasvar *));
static struct mbuf *key_setsadbaddr __P((u_int16_t,
struct sockaddr *, u_int8_t, u_int16_t));
+#if 0
static struct mbuf *key_setsadbident __P((u_int16_t, u_int16_t, caddr_t,
int, u_int64_t));
+#endif
static struct mbuf *key_setsadbxsa2(u_int8_t, u_int32_t);
static struct mbuf *key_setsadbxpolicy __P((u_int16_t, u_int8_t,
u_int32_t));
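Review bot: The `#if 0` added around the `key_setsadbident` prototype here, and around its definition in the `@@ -3432` and `@@ -3469` hunks, leaves dead code in the file with no indication of why it is kept. This commit removes every caller visible on this page, so either delete the function outright or put a one-line comment above the guard, for example `/* unused since sadb_x_ident_id was removed; kept for reference */`. Whether callers remain outside the shown hunks cannot be confirmed here, because the diff is truncated.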
@@ -365,6 +367,8 @@
__P((struct secasindex *, struct secasindex *));
static int key_cmpsaidx_withmode
__P((struct secasindex *, struct secasindex *));
+static int key_cmpsaidx_withoutmode
+ __P((struct secasindex *, struct secasindex *));
static int key_cmpspidx_exactly
__P((struct secpolicyindex *, struct secpolicyindex *));
static int key_cmpspidx_withmask
@@ -2012,7 +2016,6 @@
key_spdacquire(sp)
struct secpolicy *sp;
{
- union sadb_x_ident_id id;
struct mbuf *result = NULL, *m;
struct secspacq *newspacq;
int error;
@@ -2052,29 +2055,6 @@
}
result = m;
- /* set sadb_address for spidx's. */
- bzero(&id, sizeof(id));
- id.sadb_x_ident_id_addr.prefix = sp->spidx.prefs;
- id.sadb_x_ident_id_addr.ul_proto = sp->spidx.ul_proto;
- m = key_setsadbident(SADB_EXT_IDENTITY_SRC, SADB_X_IDENTTYPE_ADDR,
- (caddr_t)&sp->spidx.src, sp->spidx.src.ss_len, *(u_int64_t *)&id);
- if (!m) {
- error = ENOBUFS;
- goto fail;
- }
- m_cat(result, m);
-
- bzero(&id, sizeof(id));
- id.sadb_x_ident_id_addr.prefix = sp->spidx.prefd;
- id.sadb_x_ident_id_addr.ul_proto = sp->spidx.ul_proto;
- m = key_setsadbident(SADB_EXT_IDENTITY_DST, SADB_X_IDENTTYPE_ADDR,
- (caddr_t)&sp->spidx.dst, sp->spidx.dst.ss_len, *(u_int64_t *)&id);
- if (!m) {
- error = ENOBUFS;
- goto fail;
- }
- m_cat(result, m);
-
result->m_pkthdr.len = 0;
for (m = result; m; m = m->m_next)
result->m_pkthdr.len += m->m_len;
@@ -3432,6 +3412,7 @@
return m;
}
+#if 0
/*
* set data into sadb_ident.
*/
@@ -3469,6 +3450,7 @@
return m;
}
+#endif
/*
* set data into sadb_x_sa2.
@@ -3725,6 +3707,42 @@
}
/*
+ * compare two secasindex structure without mode.
+ * don't compare port.
+ * IN:
+ * saidx0: source, it is often in SAD.
+ * saidx1: object, it is often from user.
+ * OUT:
+ * 1 : equal
+ * 0 : not equal
+ */
+static int
+key_cmpsaidx_withoutmode(saidx0, saidx1)
+ struct secasindex *saidx0, *saidx1;
+{
+ /* sanity */
+ if (saidx0 == NULL && saidx1 == NULL)
+ return 1;
+
+ if (saidx0 == NULL || saidx1 == NULL)
+ return 0;
+
+ if (saidx0->proto != saidx1->proto)
+ return 0;
+
+ if (key_sockaddrcmp((struct sockaddr *)&saidx0->src,
+ (struct sockaddr *)&saidx1->src, 0) != 0) {
+ return 0;
+ }
+ if (key_sockaddrcmp((struct sockaddr *)&saidx0->dst,
+ (struct sockaddr *)&saidx1->dst, 0) != 0) {
+ return 0;
+ }
+
+ return 1;
+}
+
+/*
* compare two secindex structure exactly.
* IN:
* spidx0: source, it is often in SPD.
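Review bot: The header comment for `key_cmpsaidx_withoutmode` says only that mode and port are skipped, but the body also never looks at `reqid`, which the saidx-initialising macro earlier in this diff sets alongside `proto` and `mode`. With only proto, src and dst compared, a match may no longer identify a single SA head, so callers have to narrow the result further; the key_delete and key_get hunks do this by SPI. I would add a line such as `* reqid is not compared either; callers must disambiguate by SPI.` and say what the literal `0` passed to `key_sockaddrcmp` means, presumably the port flag. The last lines of this hunk belong to the next function's comment, which continues outside it.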
@@ -4987,16 +5005,6 @@
}
switch (idsrc->sadb_ident_type) {
- case SADB_X_IDENTTYPE_ADDR:
-#define IDENTXID(a) (((union sadb_x_ident_id *)(a))->sadb_x_ident_id_addr)
- if (IDENTXID(idsrc).ul_proto != IDENTXID(iddst).ul_proto) {
-#ifdef IPSEC_DEBUG
- printf("key_setident: ul_proto mismatch.\n");
-#endif
- return EINVAL;
- }
-#undef IDENTXID
- break;
case SADB_IDENTTYPE_PREFIX:
case SADB_IDENTTYPE_FQDN:
case SADB_IDENTTYPE_USERFQDN:
@@ -5086,7 +5094,7 @@
struct sadb_address *src0, *dst0;
struct secasindex saidx;
struct secashead *sah;
- struct secasvar *sav;
+ struct secasvar *sav = NULL;
u_int16_t proto;
/* sanity check */
@@ -5129,7 +5137,12 @@
LIST_FOREACH(sah, &sahtree, chain) {
if (sah->state == SADB_SASTATE_DEAD)
continue;
- if (key_cmpsaidx_withmode(&sah->saidx, &saidx))
+ if (key_cmpsaidx_withoutmode(&sah->saidx, &saidx) == 0)
+ continue;
+
+ /* get a SA with SPI. */
+ sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
+ if (sav)
break;
}
if (sah == NULL) {
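Review bot: The `if (sah == NULL)` test after the loop now also has to catch the case where matching heads exist but none holds the requested SPI, and it does so only because `LIST_FOREACH` leaves `sah` NULL once the list is exhausted. The pointer used afterwards is `sav` (passed to `key_sa_chgstate` in the next hunk), so testing it directly, `if (sav == NULL) {`, states the invariant and keeps a later edit to the loop from turning a missing SA into a NULL dereference in the kernel. The same applies to the identical loop in the `@@ -5241` hunk. The separate "no alive SA found" diagnostic is removed as well, so the remaining debug message, which is not shown here, should be worded to cover both cases. The enclosing function begins and ends outside this hunk.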
@@ -5139,15 +5152,6 @@
return key_senderror(so, m, ENOENT);
}
- /* get a SA with SPI. */
- sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
- if (sav == NULL) {
-#ifdef IPSEC_DEBUG
- printf("key_delete: no alive SA found.\n");
-#endif
- return key_senderror(so, m, ENOENT);
- }
-
key_sa_chgstate(sav, SADB_SASTATE_DEAD);
key_freesav(sav);
sav = NULL;
@@ -5198,7 +5202,7 @@
struct sadb_address *src0, *dst0;
struct secasindex saidx;
struct secashead *sah;
- struct secasvar *sav;
+ struct secasvar *sav = NULL;
u_int16_t proto;
/* sanity check */
@@ -5241,7 +5245,12 @@
LIST_FOREACH(sah, &sahtree, chain) {
if (sah->state == SADB_SASTATE_DEAD)
continue;
- if (key_cmpsaidx_withmode(&sah->saidx, &saidx))
+ if (key_cmpsaidx_withoutmode(&sah->saidx, &saidx) == 0)
+ continue;
+
+ /* get a SA with SPI. */
+ sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
+ if (sav)
break;
}
if (sah == NULL) {
@@ -5251,15 +5260,6 @@
return key_senderror(so, m, ENOENT);
}
- /* get a SA with SPI. */
- sav = key_getsavbyspi(sah, sa0->sadb_sa_spi);
- if (sav == NULL) {
-#ifdef IPSEC_DEBUG
- printf("key_get: no SA with state of mature found.\n");
-#endif
- return key_senderror(so, m, ENOENT);
- }
-
{
struct mbuf *n;
u_int8_t satype;
@@ -5496,7 +5496,6 @@
u_int8_t satype;
int error = -1;
u_int32_t seq;
- union sadb_x_ident_id id;
/* sanity check */
if (saidx == NULL || sp == NULL)
@@ -5575,39 +5574,7 @@
}
m_cat(result, m);
- /* set sadb_address for spidx's. */
- bzero(&id, sizeof(id));
- id.sadb_x_ident_id_addr.prefix = spidx->prefs;
- id.sadb_x_ident_id_addr.ul_proto = spidx->ul_proto;
- m = key_setsadbident(SADB_EXT_IDENTITY_SRC, SADB_X_IDENTTYPE_ADDR,
- (caddr_t)&spidx->src, spidx->src.ss_len, *(u_int64_t *)&id);
- if (!m) {
- error = ENOBUFS;
- goto fail;
- }
- m_cat(result, m);
-
- bzero(&id, sizeof(id));
- id.sadb_x_ident_id_addr.prefix = spidx->prefd;
- id.sadb_x_ident_id_addr.ul_proto = spidx->ul_proto;
- m = key_setsadbident(SADB_EXT_IDENTITY_DST, SADB_X_IDENTTYPE_ADDR,
- (caddr_t)&spidx->dst, spidx->dst.ss_len, *(u_int64_t *)&id);
- if (!m) {
- error = ENOBUFS;
- goto fail;
- }
- m_cat(result, m);
-
- /* XXX sensitivity (optional) */
-
- /* create proposal/combination extension */
- m = key_getprop(saidx);
- if (!m) {
- error = ENOBUFS;