Changeset 179
- Timestamp:
- 01/11/07 13:05:17 (2 years ago)
- Files:
-
- upstream/ipsec-tools/ChangeLog (modified) (1 diff)
- upstream/ipsec-tools/configure.ac (modified) (1 diff)
- upstream/ipsec-tools/src/libipsec/Makefile.am (modified) (1 diff)
- upstream/ipsec-tools/src/libipsec/libpfkey.h (modified) (4 diffs)
- upstream/ipsec-tools/src/libipsec/pfkey.c (modified) (24 diffs)
- upstream/ipsec-tools/src/racoon/Makefile.am (modified) (2 diffs)
- upstream/ipsec-tools/src/racoon/backupsa.c (modified) (13 diffs)
- upstream/ipsec-tools/src/racoon/backupsa.h (modified) (2 diffs)
- upstream/ipsec-tools/src/racoon/cfparse.y (modified) (5 diffs)
- upstream/ipsec-tools/src/racoon/cftoken.l (modified) (2 diffs)
- upstream/ipsec-tools/src/racoon/crypto_openssl.c (modified) (3 diffs)
- upstream/ipsec-tools/src/racoon/doc/README.plainrsa (added)
- upstream/ipsec-tools/src/racoon/ipsec_doi.c (modified) (7 diffs)
- upstream/ipsec-tools/src/racoon/ipsec_doi.h (modified) (2 diffs)
- upstream/ipsec-tools/src/racoon/isakmp_inf.c (modified) (2 diffs)
- upstream/ipsec-tools/src/racoon/isakmp_quick.c (modified) (4 diffs)
- upstream/ipsec-tools/src/racoon/pfkey.c (modified) (28 diffs)
- upstream/ipsec-tools/src/racoon/policy.c (modified) (4 diffs)
- upstream/ipsec-tools/src/racoon/policy.h (modified) (4 diffs)
- upstream/ipsec-tools/src/racoon/proposal.c (modified) (6 diffs)
- upstream/ipsec-tools/src/racoon/proposal.h (modified) (3 diffs)
- upstream/ipsec-tools/src/racoon/racoon.conf.5 (modified) (11 diffs)
- upstream/ipsec-tools/src/racoon/remoteconf.c (modified) (2 diffs)
upstream/ipsec-tools/ChangeLog
r139 r179 1 2006-12-18 Yvan Vanhullebus <vanhu@netasq.com> 2 From Joy Latten <latten@austin.ibm.com> 3 * src/racoon/crypto_openssl.c: fixed a memory leak 4 5 --------------------------------------------- 6 7 Branch for 0.7 created (ipsec-tools-0_7-branch) 8 9 2006-12-11 Emmanuel Dreyfus <manu@netbsd.org> 10 * src/libipsec/{Makefile.am|libpfkey.h|pfkey.c} 11 src/racoon/{backupsa.c|pfkey.c}: Bring back API and ABI backward 12 compatibility with previous libipsec interface change. Bump 13 libipsec minor version. Remove ifdefs in struct pfkey_send_sa_args 14 to avoid ABI compatibility lossage. 15 * src/libipsec/{libpfkey.h|pfkey.c} src/racoon/cfparse.y: add 16 capability flags to detect missing optional feature in libipsec 17 18 2006-12-10 Emmanuel Dreyfus <manu@netbsd.org> 19 From Joy Latten <latten@austin.ibm.com> 20 * src/racoon/Makefile.am 21 src/racoon/doc/README.plainrsa: new file documenting plain RSA auth 22 23 2006-12-09 Emmanuel Dreyfus <manu@netbsd.org> 24 From Joy Latten <latten@austin.ibm.com> 25 * configure.ac src/libipsec/{libpfkey.h|pfkey.c} 26 src/racoon/{Makefile.am|backupsa.c|backupsa.h|cftoken.l|ipsec_doi.c} 27 src/racoon/{ipsec_doi.h|isakmp_inf.c|isakmp_quick.c|pfkey.c|policy.c} 28 src/racoon/{policy.h|proposal.c|proposal.h|remoteconf.c}: Add support for SELinux security contexts. Also cleanup the libipsec 29 interface for adding and updating security associations. 30 31 From Simon Chang <simonychang@gmail.com> 32 * src/racoon/racoon.conf.5: More hints about plain RSA authentication 33 34 2006-12-05 Yvan Vanhullebus <vanhu@netasq.com> 35 * src/racoon/proposal.[ch]: Check keys length regarding 36 pcheck_level in cmpsatrns(). 37 * src/racoon/racoon.conf.5: updated man page about what is 38 impacted by proposal_check level. 39 1 40 2006-11-12 Matthew Grooms <mgrooms@shrew.net> 2 41 * src/racoon/sainfo.c: fix anonymous sainfo selection. upstream/ipsec-tools/configure.ac
r86 r179 769 769 SECCTX_OBJS="security.o" 770 770 AC_SUBST(SECCTX_OBJS) 771 LIBS="$LIBS -lselinux" 771 772 fi 772 773 fi upstream/ipsec-tools/src/libipsec/Makefile.am
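Review bot: `LIBS="$LIBS -lselinux"` is appended to the global LIBS inside the security-context branch, so -lselinux appears to end up on the link line of every target configured after this point (libipsec included), not only racoon, which is the consumer of `SECCTX_OBJS`. A dedicated substituted variable (say `SECCTX_LIBS="-lselinux"` with an `AC_SUBST(SECCTX_LIBS)` next to the existing `AC_SUBST(SECCTX_OBJS)`), referenced from racoon's LDADD line in src/racoon/Makefile.am, keeps the dependency scoped to the binary that needs it. The enclosing `if` blocks begin outside the hunk, so I cannot tell from here whether an earlier branch already narrows LIBS.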
r82 r179 24 24 # version is current:revision:age. 25 25 # See: http://www.gnu.org/manual/libtool-1.4.2/html_chapter/libtool_6.html#SEC32 26 libipsec_la_LDFLAGS = -version-info 0: 0:026 libipsec_la_LDFLAGS = -version-info 0:1:0 27 27 libipsec_la_LIBADD = $(LEXLIB) 28 28 upstream/ipsec-tools/src/libipsec/libpfkey.h
r86 r179 1 /* $NetBSD: libpfkey.h,v 1.1 0 2006/09/09 16:22:09 manu Exp $ */1 /* $NetBSD: libpfkey.h,v 1.12 2006/12/10 18:46:39 manu Exp $ */ 2 2 3 3 /* Id: libpfkey.h,v 1.13 2005/12/04 20:26:43 manubsd Exp */ … … 69 69 #endif 70 70 71 struct pfkey_send_sa_args { 72 int so; /* socket */ 73 u_int type; 74 u_int satype; 75 u_int mode; 76 struct sockaddr *src; /* IP src address for SA */ 77 struct sockaddr *dst; /* IP dst address for SA */ 78 u_int32_t spi; /* SA's spi */ 79 u_int32_t reqid; 80 u_int wsize; 81 caddr_t keymat; 82 u_int e_type, e_keylen; /* Encryption alg and keylen */ 83 u_int a_type, a_keylen; /* Authentication alg and key */ 84 u_int flags; 85 u_int32_t l_alloc; 86 u_int32_t l_bytes; 87 u_int32_t l_addtime; 88 u_int32_t l_usetime; 89 u_int32_t seq; 90 u_int8_t l_natt_type; 91 u_int16_t l_natt_sport, l_natt_dport; 92 struct sockaddr *l_natt_oa; 93 u_int16_t l_natt_frag; 94 u_int8_t ctxdoi, ctxalg; /* Security context DOI and algorithm */ 95 caddr_t ctxstr; /* Security context string */ 96 u_int16_t ctxstrlen; /* length of security context string */ 97 }; 98 99 /* The options built into libipsec */ 100 extern int libipsec_opt; 101 #define LIBIPSEC_OPT_NATT 0x01 102 #define LIBIPSEC_OPT_FRAG 0x02 103 #define LIBIPSEC_OPT_SEC_CTX 0x04 104 71 105 /* IPsec Library Routines */ 72 106 … … 88 122 int pfkey_send_getspi __P((int, u_int, u_int, struct sockaddr *, 89 123 struct sockaddr *, u_int32_t, u_int32_t, u_int32_t, u_int32_t)); 90 int pfkey_send_update __P((int, u_int, u_int, struct sockaddr *, 91 struct sockaddr *, u_int32_t, u_int32_t, u_int, 92 caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, 93 u_int64_t, u_int64_t, u_int32_t)); 94 int pfkey_send_update_nat __P((int, u_int, u_int, struct sockaddr *, 95 struct sockaddr *, u_int32_t, u_int32_t, u_int, 96 caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, 97 u_int64_t, u_int64_t, u_int32_t, 98 u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t)); 99 int 
pfkey_send_add __P((int, u_int, u_int, struct sockaddr *, 100 struct sockaddr *, u_int32_t, u_int32_t, u_int, 101 caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, 102 u_int64_t, u_int64_t, u_int32_t)); 103 int pfkey_send_add_nat __P((int, u_int, u_int, struct sockaddr *, 104 struct sockaddr *, u_int32_t, u_int32_t, u_int, 105 caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, 106 u_int64_t, u_int64_t, u_int32_t, 107 u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t)); 124 int pfkey_send_update2 __P((struct pfkey_send_sa_args *)); 125 int pfkey_send_add2 __P((struct pfkey_send_sa_args *)); 108 126 int pfkey_send_delete __P((int, u_int, u_int, 109 127 struct sockaddr *, struct sockaddr *, u_int32_t)); … … 147 165 int pfkey_align __P((struct sadb_msg *, caddr_t *)); 148 166 int pfkey_check __P((caddr_t *)); 167 168 /* 169 * Deprecated, available for backward compatibility with third party 170 * libipsec users. Please use pfkey_send_update2 and pfkey_send_add2 instead 171 */ 172 int pfkey_send_update __P((int, u_int, u_int, struct sockaddr *, 173 struct sockaddr *, u_int32_t, u_int32_t, u_int, 174 caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, 175 u_int64_t, u_int64_t, u_int32_t)); 176 int pfkey_send_update_nat __P((int, u_int, u_int, struct sockaddr *, 177 struct sockaddr *, u_int32_t, u_int32_t, u_int, 178 caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, 179 u_int64_t, u_int64_t, u_int32_t, 180 u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t)); 181 int pfkey_send_add __P((int, u_int, u_int, struct sockaddr *, 182 struct sockaddr *, u_int32_t, u_int32_t, u_int, 183 caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, 184 u_int64_t, u_int64_t, u_int32_t)); 185 int pfkey_send_add_nat __P((int, u_int, u_int, struct sockaddr *, 186 struct sockaddr *, u_int32_t, u_int32_t, u_int, 187 caddr_t, u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int64_t, 188 u_int64_t, 
u_int64_t, u_int32_t, 189 u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t)); 149 190 150 191 #ifndef __SYSDEP_SA_LEN__ upstream/ipsec-tools/src/libipsec/pfkey.c
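Review bot: The new `struct pfkey_send_sa_args` carries no comment telling callers which fields are required, that `type` is overwritten by `pfkey_send_update2`/`pfkey_send_add2`, or that the struct must be zeroed before use — `pfkey_send_x1` treats `ctxstr == NULL`, `l_natt_type == 0` and `l_natt_oa == NULL` as "extension absent", so a caller that fills only the fields it cares about in an uninitialized stack struct ends up sending stray NAT-T or security-context extensions to the kernel. The deprecated wrappers in pfkey.c do a `memset(&psaa, 0, sizeof(psaa))` first, but direct users of the `*2` API get no such hint from this header. I would put above the struct: `/* Zero the whole struct (memset) before filling it: 0/NULL in the optional l_natt_* and ctx* fields means "not present"; type is set by pfkey_send_update2/pfkey_send_add2, not by the caller. */`. Separately, `LIBIPSEC_OPT_SEC_CTX` is defined here, but the `libipsec_opt` initializer in pfkey.c is gated on `#ifdef SADB_X_EXT_NAT_T_SEC_CTX` while every other security-context block in that file uses `#ifdef SADB_X_EXT_SEC_CTX`; unless the former macro also exists in the system headers, the capability flag will never be reported and the cfparse.y check the ChangeLog mentions will presumably always fail — that line should read `#ifdef SADB_X_EXT_SEC_CTX`. Note also that `l_bytes`, `l_addtime` and `l_usetime` are `u_int32_t` in the struct while the deprecated prototypes still take `u_int64_t`, so the narrowing that used to be an explicit `(u_int)` cast is now a silent truncation in the wrappers' assignments.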
r86 r179 1 /* $NetBSD: pfkey.c,v 1.1 1 2006/09/21 09:42:08 vanhu Exp $ */1 /* $NetBSD: pfkey.c,v 1.13 2006/12/10 18:46:39 manu Exp $ */ 2 2 3 3 /* $KAME: pfkey.c,v 1.47 2003/10/02 19:52:12 itojun Exp $ */ … … 61 61 static int setsupportedmap __P((struct sadb_supported *)); 62 62 static struct sadb_alg *findsupportedalg __P((u_int, u_int)); 63 static int pfkey_send_x1 __P((int, u_int, u_int, u_int, struct sockaddr *, 64 struct sockaddr *, u_int32_t, u_int32_t, u_int, caddr_t, 65 u_int, u_int, u_int, u_int, u_int, u_int32_t, u_int32_t, 66 u_int32_t, u_int32_t, u_int32_t, 67 u_int8_t, u_int16_t, u_int16_t, struct sockaddr *, u_int16_t)); 63 static int pfkey_send_x1 __P((struct pfkey_send_sa_args *)); 68 64 static int pfkey_send_x2 __P((int, u_int, u_int, u_int, 69 65 struct sockaddr *, struct sockaddr *, u_int32_t)); … … 92 88 static caddr_t pfkey_set_natt_frag __P((caddr_t, caddr_t, u_int, u_int16_t)); 93 89 #endif 90 91 #ifdef SADB_X_EXT_SEC_CTX 92 static caddr_t pfkey_setsecctx __P((caddr_t, caddr_t, u_int, u_int8_t, u_int8_t, 93 caddr_t, u_int16_t)); 94 #endif 95 96 int libipsec_opt = 0 97 #ifdef SADB_X_EXT_NAT_T_TYPE 98 | LIBIPSEC_OPT_NATT 99 #endif 100 #ifdef SADB_X_EXT_NAT_T_FRAG 101 | LIBIPSEC_OPT_FRAG 102 #endif 103 #ifdef SADB_X_EXT_NAT_T_SEC_CTX 104 | LIBIPSEC_OPT_SEC_CTX 105 #endif 106 ; 94 107 95 108 /* … … 495 508 */ 496 509 int 497 pfkey_send_update(so, satype, mode, src, dst, spi, reqid, wsize, 498 keymat, e_type, e_keylen, a_type, a_keylen, flags, 499 l_alloc, l_bytes, l_addtime, l_usetime, seq) 500 int so; 501 u_int satype, mode, wsize; 502 struct sockaddr *src, *dst; 503 u_int32_t spi, reqid; 504 caddr_t keymat; 505 u_int e_type, e_keylen, a_type, a_keylen, flags; 506 u_int32_t l_alloc; 507 u_int64_t l_bytes, l_addtime, l_usetime; 508 u_int32_t seq; 510 pfkey_send_update2(sa_parms) 511 struct pfkey_send_sa_args *sa_parms; 509 512 { 510 513 int len; 511 if ((len = pfkey_send_x1(so, SADB_UPDATE, satype, mode, src, dst, spi, 512 reqid, wsize, 513 
keymat, e_type, e_keylen, a_type, a_keylen, flags, 514 l_alloc, (u_int)l_bytes, (u_int)l_addtime, 515 (u_int)l_usetime, seq, 0, 0, 0, NULL, 0)) < 0) 514 515 516 sa_parms->type = SADB_UPDATE; 517 if ((len = pfkey_send_x1(sa_parms)) < 0) 516 518 return -1; 517 519 518 520 return len; 519 521 } 520 521 #ifdef SADB_X_EXT_NAT_T_TYPE522 int523 pfkey_send_update_nat(so, satype, mode, src, dst, spi, reqid, wsize,524 keymat, e_type, e_keylen, a_type, a_keylen, flags,525 l_alloc, l_bytes, l_addtime, l_usetime, seq,526 l_natt_type, l_natt_sport, l_natt_dport, l_natt_oa,527 l_natt_frag)528 int so;529 u_int satype, mode, wsize;530 struct sockaddr *src, *dst;531 u_int32_t spi, reqid;532 caddr_t keymat;533 u_int e_type, e_keylen, a_type, a_keylen, flags;534 u_int32_t l_alloc;535 u_int64_t l_bytes, l_addtime, l_usetime;536 u_int32_t seq;537 u_int8_t l_natt_type;538 u_int16_t l_natt_sport, l_natt_dport;539 struct sockaddr *l_natt_oa;540 u_int16_t l_natt_frag;541 {542 int len;543 if ((len = pfkey_send_x1(so, SADB_UPDATE, satype, mode, src, dst, spi,544 reqid, wsize,545 keymat, e_type, e_keylen, a_type, a_keylen, flags,546 l_alloc, (u_int)l_bytes, (u_int)l_addtime,547 (u_int)l_usetime, seq, l_natt_type, l_natt_sport,548 l_natt_dport, l_natt_oa, l_natt_frag)) < 0)549 return -1;550 551 return len;552 }553 #endif554 522 555 523 /* … … 561 529 */ 562 530 int 563 pfkey_send_add(so, satype, mode, src, dst, spi, reqid, wsize, 564 keymat, e_type, e_keylen, a_type, a_keylen, flags, 565 l_alloc, l_bytes, l_addtime, l_usetime, seq) 566 int so; 567 u_int satype, mode, wsize; 568 struct sockaddr *src, *dst; 569 u_int32_t spi, reqid; 570 caddr_t keymat; 571 u_int e_type, e_keylen, a_type, a_keylen, flags; 572 u_int32_t l_alloc; 573 u_int64_t l_bytes, l_addtime, l_usetime; 574 u_int32_t seq; 531 pfkey_send_add2(sa_parms) 532 struct pfkey_send_sa_args *sa_parms; 575 533 { 576 534 int len; 577 if ((len = pfkey_send_x1(so, SADB_ADD, satype, mode, src, dst, spi, 578 reqid, wsize, 579 keymat, e_type, 
e_keylen, a_type, a_keylen, flags, 580 l_alloc, (u_int)l_bytes, (u_int)l_addtime, 581 (u_int)l_usetime, seq, 0, 0, 0, NULL, 0)) < 0) 535 536 sa_parms->type = SADB_ADD; 537 if ((len = pfkey_send_x1(sa_parms)) < 0) 582 538 return -1; 583 539 584 540 return len; 585 541 } 586 587 #ifdef SADB_X_EXT_NAT_T_TYPE588 int589 pfkey_send_add_nat(so, satype, mode, src, dst, spi, reqid, wsize,590 keymat, e_type, e_keylen, a_type, a_keylen, flags,591 l_alloc, l_bytes, l_addtime, l_usetime, seq,592 l_natt_type, l_natt_sport, l_natt_dport, l_natt_oa,593 l_natt_frag)594 int so;595 u_int satype, mode, wsize;596 struct sockaddr *src, *dst;597 u_int32_t spi, reqid;598 caddr_t keymat;599 u_int e_type, e_keylen, a_type, a_keylen, flags;600 u_int32_t l_alloc;601 u_int64_t l_bytes, l_addtime, l_usetime;602 u_int32_t seq;603 u_int8_t l_natt_type;604 u_int16_t l_natt_sport, l_natt_dport;605 struct sockaddr *l_natt_oa;606 u_int16_t l_natt_frag;607 {608 int len;609 if ((len = pfkey_send_x1(so, SADB_ADD, satype, mode, src, dst, spi,610 reqid, wsize,611 keymat, e_type, e_keylen, a_type, a_keylen, flags,612 l_alloc, (u_int)l_bytes, (u_int)l_addtime,613 (u_int)l_usetime, seq, l_natt_type, l_natt_sport,614 l_natt_dport, l_natt_oa, l_natt_frag)) < 0)615 return -1;616 617 return len;618 }619 #endif620 542 621 543 /* … … 1295 1217 /* sending SADB_ADD or SADB_UPDATE message to the kernel */ 1296 1218 static int 1297 pfkey_send_x1(so, type, satype, mode, src, dst, spi, reqid, wsize, 1298 keymat, e_type, e_keylen, a_type, a_keylen, flags, 1299 l_alloc, l_bytes, l_addtime, l_usetime, seq, 1300 l_natt_type, l_natt_sport, l_natt_dport, l_natt_oa, 1301 l_natt_frag) 1302 int so; 1303 u_int type, satype, mode; 1304 struct sockaddr *src, *dst, *l_natt_oa; 1305 u_int32_t spi, reqid; 1306 u_int wsize; 1307 caddr_t keymat; 1308 u_int e_type, e_keylen, a_type, a_keylen, flags; 1309 u_int32_t l_alloc, l_bytes, l_addtime, l_usetime, seq; 1310 u_int16_t l_natt_sport, l_natt_dport; 1311 u_int8_t l_natt_type; 1312 
u_int16_t l_natt_frag; 1219 pfkey_send_x1(sa_parms) 1220 struct pfkey_send_sa_args *sa_parms; 1313 1221 { 1314 1222 struct sadb_msg *newmsg; … … 1319 1227 1320 1228 /* validity check */ 1321 if (s rc == NULL ||dst == NULL) {1229 if (sa_parms->src == NULL || sa_parms->dst == NULL) { 1322 1230 __ipsec_errcode = EIPSEC_INVAL_ARGUMENT; 1323 1231 return -1; 1324 1232 } 1325 if (s rc->sa_family !=dst->sa_family) {1233 if (sa_parms->src->sa_family != sa_parms->dst->sa_family) { 1326 1234 __ipsec_errcode = EIPSEC_FAMILY_MISMATCH; 1327 1235 return -1; 1328 1236 } 1329 switch (s rc->sa_family) {1237 switch (sa_parms->src->sa_family) { 1330 1238 case AF_INET: 1331 1239 plen = sizeof(struct in_addr) << 3; … … 1339 1247 } 1340 1248 1341 switch (sa type) {1249 switch (sa_parms->satype) { 1342 1250 case SADB_SATYPE_ESP: 1343 if ( e_type == SADB_EALG_NONE) {1251 if (sa_parms->e_type == SADB_EALG_NONE) { 1344 1252 __ipsec_errcode = EIPSEC_NO_ALGS; 1345 1253 return -1; … … 1347 1255 break; 1348 1256 case SADB_SATYPE_AH: 1349 if ( e_type != SADB_EALG_NONE) {1257 if (sa_parms->e_type != SADB_EALG_NONE) { 1350 1258 __ipsec_errcode = EIPSEC_INVAL_ALGS; 1351 1259 return -1; 1352 1260 } 1353 if ( a_type == SADB_AALG_NONE) {1261 if (sa_parms->a_type == SADB_AALG_NONE) { 1354 1262 __ipsec_errcode = EIPSEC_NO_ALGS; 1355 1263 return -1; … … 1357 1265 break; 1358 1266 case SADB_X_SATYPE_IPCOMP: 1359 if ( e_type == SADB_X_CALG_NONE) {1267 if (sa_parms->e_type == SADB_X_CALG_NONE) { 1360 1268 __ipsec_errcode = EIPSEC_INVAL_ALGS; 1361 1269 return -1; 1362 1270 } 1363 if ( a_type != SADB_AALG_NONE) {1271 if (sa_parms->a_type != SADB_AALG_NONE) { 1364 1272 __ipsec_errcode = EIPSEC_NO_ALGS; 1365 1273 return -1; … … 1368 1276 #ifdef SADB_X_AALG_TCP_MD5 1369 1277 case SADB_X_SATYPE_TCPSIGNATURE: 1370 if ( e_type != SADB_EALG_NONE) {1278 if (sa_parms->e_type != SADB_EALG_NONE) { 1371 1279 __ipsec_errcode = EIPSEC_INVAL_ALGS; 1372 1280 return -1; 1373 1281 } 1374 if ( a_type != SADB_X_AALG_TCP_MD5) 
{1282 if (sa_parms->a_type != SADB_X_AALG_TCP_MD5) { 1375 1283 __ipsec_errcode = EIPSEC_INVAL_ALGS; 1376 1284 return -1; … … 1388 1296 + sizeof(struct sadb_x_sa2) 1389 1297 + sizeof(struct sadb_address) 1390 + PFKEY_ALIGN8(sysdep_sa_len(s rc))1298 + PFKEY_ALIGN8(sysdep_sa_len(sa_parms->src)) 1391 1299 + sizeof(struct sadb_address) 1392 + PFKEY_ALIGN8(sysdep_sa_len( dst))1300 + PFKEY_ALIGN8(sysdep_sa_len(sa_parms->dst)) 1393 1301 + sizeof(struct sadb_lifetime) 1394 1302 + sizeof(struct sadb_lifetime); 1395 1303 1396 if (e_type != SADB_EALG_NONE && satype != SADB_X_SATYPE_IPCOMP) 1397 len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(e_keylen)); 1398 if (a_type != SADB_AALG_NONE) 1399 len += (sizeof(struct sadb_key) + PFKEY_ALIGN8(a_keylen)); 1304 if (sa_parms->e_type != SADB_EALG_NONE && 1305 sa_parms->satype != SADB_X_SATYPE_IPCOMP) 1306 len += (sizeof(struct sadb_key) + 1307 PFKEY_ALIGN8(sa_parms->e_keylen)); 1308 if (sa_parms->a_type != SADB_AALG_NONE) 1309 len += (sizeof(struct sadb_key) + 1310 PFKEY_ALIGN8(sa_parms->a_keylen)); 1311 1312 #ifdef SADB_X_EXT_SEC_CTX 1313 if (sa_parms->ctxstr != NULL) 1314 len += (sizeof(struct sadb_x_sec_ctx) 1315 + PFKEY_ALIGN8(sa_parms->ctxstrlen)); 1316 #endif 1400 1317 1401 1318 #ifdef SADB_X_EXT_NAT_T_TYPE 1402 1319 /* add nat-t packets */ 1403 if ( l_natt_type) {1404 switch(sa type) {1320 if (sa_parms->l_natt_type) { 1321 switch(sa_parms->satype) { 1405 1322 case SADB_SATYPE_ESP: 1406 1323 case SADB_X_SATYPE_IPCOMP: … … 1414 1331 len += sizeof(struct sadb_x_nat_t_port); 1415 1332 len += sizeof(struct sadb_x_nat_t_port); 1416 if ( l_natt_oa)1333 if (sa_parms->l_natt_oa) 1417 1334 len += sizeof(struct sadb_address) + 1418 PFKEY_ALIGN8(sysdep_sa_len( l_natt_oa));1335 PFKEY_ALIGN8(sysdep_sa_len(sa_parms->l_natt_oa)); 1419 1336 #ifdef SADB_X_EXT_NAT_T_FRAG 1420 if ( l_natt_frag)1337 if (sa_parms->l_natt_frag) 1421 1338 len += sizeof(struct sadb_x_nat_t_frag); 1422 1339 #endif … … 1430 1347 ep = ((caddr_t)(void *)newmsg) + len; 1431 
1348 1432 p = pfkey_setsadbmsg((void *)newmsg, ep, type, (u_int)len,1433 sa type,seq, getpid());1349 p = pfkey_setsadbmsg((void *)newmsg, ep, sa_parms->type, (u_int)len, 1350 sa_parms->satype, sa_parms->seq, getpid()); 1434 1351 if (!p) { 1435 1352 free(newmsg); 1436 1353 return -1; 1437 1354 } 1438 p = pfkey_setsadbsa(p, ep, spi, wsize, a_type, e_type, flags); 1355 p = pfkey_setsadbsa(p, ep, sa_parms->spi, sa_parms->wsize, 1356 sa_parms->a_type, sa_parms->e_type, 1357 sa_parms->flags); 1439 1358 if (!p) { 1440 1359 free(newmsg); 1441 1360 return -1; 1442 1361 } 1443 p = pfkey_setsadbxsa2(p, ep, mode,reqid);1362 p = pfkey_setsadbxsa2(p, ep, sa_parms->mode, sa_parms->reqid); 1444 1363 if (!p) { 1445 1364 free(newmsg); 1446 1365 return -1; 1447 1366 } 1448 p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, s rc, (u_int)plen,1449 IPSEC_ULPROTO_ANY);1367 p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_SRC, sa_parms->src, 1368 (u_int)plen, IPSEC_ULPROTO_ANY); 1450 1369 if (!p) { 1451 1370 free(newmsg); 1452 1371 return -1; 1453 1372 } 1454 p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, dst, (u_int)plen,1455 IPSEC_ULPROTO_ANY);1373 p = pfkey_setsadbaddr(p, ep, SADB_EXT_ADDRESS_DST, sa_parms->dst, 1374 (u_int)plen, IPSEC_ULPROTO_ANY); 1456 1375 if (!p) { 1457 1376 free(newmsg); … … 1459 1378 } 1460 1379 1461 if (e_type != SADB_EALG_NONE && satype != SADB_X_SATYPE_IPCOMP) { 1380 if (sa_parms->e_type != SADB_EALG_NONE && 1381 sa_parms->satype != SADB_X_SATYPE_IPCOMP) { 1462 1382 p = pfkey_setsadbkey(p, ep, SADB_EXT_KEY_ENCRYPT, 1463 keymat,e_keylen);1383 sa_parms->keymat, sa_parms->e_keylen); 1464 1384 if (!p) { 1465 1385 free(newmsg); … … 1467 1387 } 1468 1388 } 1469 if ( a_type != SADB_AALG_NONE) {1389 if (sa_parms->a_type != SADB_AALG_NONE) { 1470 1390 p = pfkey_setsadbkey(p, ep, SADB_EXT_KEY_AUTH, 1471 keymat + e_keylen, a_keylen); 1391 sa_parms->keymat + sa_parms->e_keylen, 1392 sa_parms->a_keylen); 1472 1393 if (!p) { 1473 1394 free(newmsg); … … 1478 1399 /* set 
sadb_lifetime for destination */ 1479 1400 p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_HARD, 1480 l_alloc, l_bytes, l_addtime, l_usetime); 1401 sa_parms->l_alloc, sa_parms->l_bytes, 1402 sa_parms->l_addtime, sa_parms->l_usetime); 1481 1403 if (!p) { 1482 1404 free(newmsg); … … 1484 1406 } 1485 1407 p = pfkey_setsadblifetime(p, ep, SADB_EXT_LIFETIME_SOFT, 1486 l_alloc, l_bytes, l_addtime, l_usetime); 1408 sa_parms->l_alloc, sa_parms->l_bytes, 1409 sa_parms->l_addtime, sa_parms->l_usetime); 1487 1410 if (!p) { 1488 1411 free(newmsg); 1489 1412 return -1; 1490 1413 } 1414 #ifdef SADB_X_EXT_SEC_CTX 1415 if (sa_parms->ctxstr != NULL) { 1416 p = pfkey_setsecctx(p, ep, SADB_X_EXT_SEC_CTX, sa_parms->ctxdoi, 1417 sa_parms->ctxalg, sa_parms->ctxstr, 1418 sa_parms->ctxstrlen); 1419 if (!p) { 1420 free(newmsg); 1421 return -1; 1422 } 1423 } 1424 #endif 1491 1425 1492 1426 #ifdef SADB_X_EXT_NAT_T_TYPE 1493 1427 /* Add nat-t messages */ 1494 if (l_natt_type) { 1495 p = pfkey_set_natt_type(p, ep, SADB_X_EXT_NAT_T_TYPE, l_natt_type); 1428 if (sa_parms->l_natt_type) { 1429 p = pfkey_set_natt_type(p, ep, SADB_X_EXT_NAT_T_TYPE, 1430 sa_parms->l_natt_type); 1496 1431 if (!p) { 1497 1432 free(newmsg); … … 1500 1435 1501 1436 p = pfkey_set_natt_port(p, ep, SADB_X_EXT_NAT_T_SPORT, 1502 l_natt_sport);1437 sa_parms->l_natt_sport); 1503 1438 if (!p) { 1504 1439 free(newmsg); … … 1507 1442 1508 1443 p = pfkey_set_natt_port(p, ep, SADB_X_EXT_NAT_T_DPORT, 1509 l_natt_dport);1444 sa_parms->l_natt_dport); 1510 1445 if (!p) { 1511 1446 free(newmsg); … … 1513 1448 } 1514 1449 1515 if ( l_natt_oa) {1450 if (sa_parms->l_natt_oa) { 1516 1451 p = pfkey_setsadbaddr(p, ep, SADB_X_EXT_NAT_T_OA, 1517 l_natt_oa,1518 (u_int)PFKEY_ALIGN8(sysdep_sa_len( l_natt_oa)),1452 sa_parms->l_natt_oa, 1453 (u_int)PFKEY_ALIGN8(sysdep_sa_len(sa_parms->l_natt_oa)), 1519 1454 IPSEC_ULPROTO_ANY); 1520 1455 if (!p) { … … 1524 1459 } 1525 1460 1526 if (l_natt_frag) {1527 1461 #ifdef SADB_X_EXT_NAT_T_FRAG 1462 if 
(sa_parms->l_natt_frag) { 1528 1463 p = pfkey_set_natt_frag(p, ep, SADB_X_EXT_NAT_T_FRAG, 1529 l_natt_frag);1464 sa_parms->l_natt_frag); 1530 1465 if (!p) { 1531 1466 free(newmsg); 1532 1467 return -1; 1533 1468 } 1534 #endif 1535 } 1469 } 1470 #endif 1536 1471 } 1537 1472 #endif … … 1543 1478 1544 1479 /* send message */ 1545 len = pfkey_send(s o, newmsg, len);1480 len = pfkey_send(sa_parms->so, newmsg, len); 1546 1481 free(newmsg); 1547 1482 … … 2504 2439 } 2505 2440 #endif 2441 2442 #ifdef SADB_X_EXT_SEC_CTX 2443 static caddr_t 2444 pfkey_setsecctx(buf, lim, type, ctx_doi, ctx_alg, sec_ctx, sec_ctxlen) 2445 caddr_t buf; 2446 caddr_t lim; 2447 u_int type; 2448 u_int8_t ctx_doi, ctx_alg; 2449 caddr_t sec_ctx; 2450 u_int16_t sec_ctxlen; 2451 { 2452 struct sadb_x_sec_ctx *p; 2453 u_int len; 2454 2455 p = (struct sadb_x_sec_ctx *)buf; 2456 len = sizeof(struct sadb_x_sec_ctx) + PFKEY_ALIGN8(sec_ctxlen); 2457 2458 if (buf + len > lim) 2459 return NULL; 2460 2461 memset(p, 0, len); 2462 p->sadb_x_sec_len = PFKEY_UNIT64(len); 2463 p->sadb_x_sec_exttype = type; 2464 p->sadb_x_ctx_len = sec_ctxlen; 2465 p->sadb_x_ctx_doi = ctx_doi; 2466 p->sadb_x_ctx_alg = ctx_alg; 2467 2468 memcpy(p + 1, sec_ctx, sec_ctxlen); 2469 2470 return buf + len; 2471 } 2472 #endif 2473 2474 /* 2475 * Deprecated, available for backward compatibility with third party 2476 * libipsec users. 
Please use pfkey_send_update2 and pfkey_send_add2 instead 2477 */ 2478 int 2479 pfkey_send_update(so, satype, mode, src, dst, spi, reqid, wsize, 2480 keymat, e_type, e_keylen, a_type, a_keylen, flags, 2481 l_alloc, l_bytes, l_addtime, l_usetime, seq) 2482 int so; 2483 u_int satype, mode, wsize; 2484 struct sockaddr *src, *dst; 2485 u_int32_t spi, reqid; 2486 caddr_t keymat; 2487 u_int e_type, e_keylen, a_type, a_keylen, flags; 2488 u_int32_t l_alloc; 2489 u_int64_t l_bytes, l_addtime, l_usetime; 2490 u_int32_t seq; 2491 { 2492 struct pfkey_send_sa_args psaa; 2493 2494 memset(&psaa, 0, sizeof(psaa)); 2495 psaa.so = so; 2496 psaa.type = SADB_UPDATE; 2497 psaa.satype = satype; 2498 psaa.mode = mode; 2499 psaa.wsize = wsize; 2500 psaa.src = src; 2501 psaa.dst = dst; 2502 psaa.spi = spi; 2503 psaa.reqid = reqid; 2504 psaa.keymat = keymat; 2505 psaa.e_type = e_type; 2506 psaa.e_keylen = e_keylen; 2507 psaa.a_type = a_type; 2508 psaa.a_keylen = a_keylen; 2509 psaa.flags = flags; 2510 psaa.l_alloc = l_alloc; 2511 psaa.l_bytes = l_bytes; 2512 psaa.l_addtime = l_addtime; 2513 psaa.l_usetime = l_usetime; 2514 psaa.seq = seq; 2515 2516 return pfkey_send_update2(&psaa); 2517 } 2518 2519 int 2520 pfkey_send_update_nat(so, satype, mode, src, dst, spi, reqid, wsize, 2521 keymat, e_type, e_keylen, a_type, a_keylen, flags, 2522 l_alloc, l_bytes, l_addtime, l_usetime, seq, 2523 l_natt_type, l_natt_sport, l_natt_dport, l_natt_oa, 2524 l_natt_frag) 2525 int so; 2526 u_int satype, mode, wsize; 2527 struct sockaddr *src, *dst; 2528 u_int32_t spi, reqid; 2529 caddr_t keymat; 2530 u_int e_type, e_keylen, a_type, a_keylen, flags; 2531 u_int32_t l_alloc; 2532 u_int64_t l_bytes, l_addtime, l_usetime; 2533 u_int32_t seq; 2534 u_int8_t l_natt_type; 2535 u_int16_t l_natt_sport, l_natt_dport; 2536 struct sockaddr *l_natt_oa; 2537 u_int16_t l_natt_frag; 2538 { 2539 struct pfkey_send_sa_args psaa; 2540 2541 memset(&psaa, 0, sizeof(psaa)); 2542 psaa.so = so; 2543 psaa.type = SADB_UPDATE; 2544 
psaa.satype = satype; 2545 psaa.mode = mode; 2546 psaa.wsize = wsize; 2547 psaa.src = src; 2548 psaa.dst = dst; 2549 psaa.spi = spi; 2550 psaa.reqid = reqid; 2551 psaa.keymat = keymat; 2552 psaa.e_type = e_type; 2553 psaa.e_keylen = e_keylen; 2554 psaa.a_type = a_type; 2555 psaa.a_keylen = a_keylen; 2556 psaa.flags = flags; 2557 psaa.l_alloc = l_alloc; 2558 psaa.l_bytes = l_bytes; 2559 psaa.l_addtime = l_addtime; 2560 psaa.l_usetime = l_usetime; 2561 psaa.seq = seq; 2562 psaa.l_natt_type = l_natt_type; 2563 psaa.l_natt_sport = l_natt_sport; 2564 psaa.l_natt_dport = l_natt_dport; 2565 psaa.l_natt_oa = l_natt_oa; 2566 psaa.l_natt_frag = l_natt_frag; 2567 2568 return pfkey_send_update2(&psaa); 2569 } 2570 2571 int 2572 pfkey_send_add(so, satype, mode, src, dst, spi, reqid, wsize, 2573 keymat, e_type, e_keylen, a_type, a_keylen, flags, 2574 l_alloc, l_bytes, l_addtime, l_usetime, seq) 2575 int so; 2576 u_int satype, mode, wsize; 2577 struct sockaddr *src, *dst; 2578 u_int32_t spi, reqid; 2579 caddr_t keymat; 2580 u_int e_type, e_keylen, a_type, a_keylen, flags; 2581 u_int32_t l_alloc; 2582 u_int64_t l_bytes, l_addtime, l_usetime; 2583 u_int32_t seq; 2584 { 2585 struct pfkey_send_sa_args psaa; 2586 2587 memset(&psaa, 0, sizeof(psaa)); 2588 psaa.so = so; 2589 psaa.type = SADB_ADD; 2590 psaa.satype = satype; 2591 psaa.mode = mode; 2592 psaa.wsize = wsize; 2593 psaa.src = src; 2594 psaa.dst = dst; 2595 psaa.spi = spi; 2596 psaa.reqid = reqid; 2597 psaa.keymat = keymat; 2598 psaa.e_type = e_type; 2599 psaa.e_keylen = e_keylen; 2600 psaa.a_type = a_type; 2601 psaa.a_keylen = a_keylen; 2602 psaa.flags = flags; 2603 psaa.l_alloc = l_alloc; 2604 psaa.l_bytes = l_bytes; 2605 psaa.l_addtime = l_addtime; 2606 psaa.l_usetime = l_usetime; 2607 psaa.seq = seq; 2608 2609 return pfkey_send_add2(&psaa); 2610 } 2611 2612 int 2613 pfkey_send_add_nat(so, satype, mode, src, dst, spi, reqid, wsize, 2614 keymat, e_type, e_keylen, a_type, a_keylen, flags, 2615 l_alloc, l_bytes, l_addtime, 
l_usetime, seq, 2616 l_natt_type, l_natt_sport, l_natt_dport, l_natt_oa, 2617 l_natt_frag) 2618 int so; 2619 u_int satype, mode, wsize; 2620 struct sockaddr *src, *dst; 2621 u_int32_t spi, reqid; 2622 caddr_t keymat; 2623 u_int e_type, e_keylen, a_type, a_keylen, flags; 2624 u_int32_t l_alloc; 2625 u_int64_t l_bytes, l_addtime, l_usetime; 2626 u_int32_t seq; 2627 u_int8_t l_natt_type; 2628 u_int16_t l_natt_sport, l_natt_dport; 2629 struct sockaddr *l_natt_oa; 2630 u_int16_t l_natt_frag; 2631 { 2632 struct pfkey_send_sa_args psaa; 2633 2634 memset(&psaa, 0, sizeof(psaa)); 2635 psaa.so = so; 2636 psaa.type = SADB_ADD; 2637 psaa.satype = satype; 2638 psaa.mode = mode; 2639 psaa.wsize = wsize; 2640 psaa.src = src; 2641 psaa.dst = dst; 2642 psaa.spi = spi; 2643 psaa.reqid = reqid; 2644 psaa.keymat = keymat; 2645 psaa.e_type = e_type; 2646 psaa.e_keylen = e_keylen; 2647 psaa.a_type = a_type; 2648 &nb
