authorbluhm <bluhm@openbsd.org>2017-04-19 15:59:38 +0000
committerbluhm <bluhm@openbsd.org>2017-04-19 15:59:38 +0000
commita6bcba92419d4e18dcd565b47ebebb02bfc697ba (patch)
tree356af085293f0c9e3f0c8b57d38c42f82f3be561
parenticmp6_rip6_input() was mostly duplicated code from rip6_input(). (diff)
Rename all SA groups to bundles consistently. The first kernel
commit in 2000 that introduced the features already called them SA bundles. The word group is taken by Diffie-Hellman, reusing it causes confusion. OK hshoexer@
-rw-r--r--sbin/ipsecctl/ipsecctl.c16
-rw-r--r--sbin/ipsecctl/ipsecctl.h16
-rw-r--r--sbin/ipsecctl/parse.y42
-rw-r--r--sbin/ipsecctl/pfkdump.c4
-rw-r--r--sbin/ipsecctl/pfkey.c10
5 files changed, 44 insertions, 44 deletions
diff --git a/sbin/ipsecctl/ipsecctl.c b/sbin/ipsecctl/ipsecctl.c
index a2819c58bcb..8cb34d04528 100644
--- a/sbin/ipsecctl/ipsecctl.c
+++ b/sbin/ipsecctl/ipsecctl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.c,v 1.81 2017/03/02 17:44:32 bluhm Exp $ */
+/* $OpenBSD: ipsecctl.c,v 1.82 2017/04/19 15:59:38 bluhm Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -48,7 +48,7 @@ void ipsecctl_print_port(u_int16_t, const char *);
void ipsecctl_print_key(struct ipsec_key *);
void ipsecctl_print_flow(struct ipsec_rule *, int);
void ipsecctl_print_sa(struct ipsec_rule *, int);
-void ipsecctl_print_sagroup(struct ipsec_rule *, int);
+void ipsecctl_print_sabundle(struct ipsec_rule *, int);
int ipsecctl_flush(int);
void ipsecctl_get_rules(struct ipsecctl *);
void ipsecctl_print_title(char *);
@@ -103,7 +103,7 @@ ipsecctl_rules(char *filename, int opts)
bzero(&ipsec, sizeof(ipsec));
ipsec.opts = opts;
TAILQ_INIT(&ipsec.rule_queue);
- TAILQ_INIT(&ipsec.group_queue);
+ TAILQ_INIT(&ipsec.bundle_queue);
if (parse_rules(filename, &ipsec) < 0) {
warnx("Syntax error in config file: ipsec rules not loaded");
@@ -119,7 +119,7 @@ ipsecctl_rules(char *filename, int opts)
}
- /* This also frees the rules in ipsec.group_queue. */
+ /* This also frees the rules in ipsec.bundle_queue. */
while ((rp = TAILQ_FIRST(&ipsec.rule_queue))) {
TAILQ_REMOVE(&ipsec.rule_queue, rp, rule_entry);
ipsecctl_free_rule(rp);
@@ -382,9 +382,9 @@ ipsecctl_print_sa(struct ipsec_rule *r, int opts)
}
void
-ipsecctl_print_sagroup(struct ipsec_rule *r, int opts)
+ipsecctl_print_sabundle(struct ipsec_rule *r, int opts)
{
- printf("[group %s to ", satype[r->proto]);
+ printf("[bundle %s to ", satype[r->proto]);
ipsecctl_print_addr(r->dst);
printf(" spi 0x%08x with %s to ", r->spi, satype[r->proto2]);
ipsecctl_print_addr(r->dst2);
@@ -405,8 +405,8 @@ ipsecctl_print_rule(struct ipsec_rule *r, int opts)
ipsecctl_print_sa(r, opts);
if (r->type & RULE_IKE)
ike_print_config(r, opts);
- if (r->type & RULE_GROUP)
- ipsecctl_print_sagroup(r, opts);
+ if (r->type & RULE_BUNDLE)
+ ipsecctl_print_sabundle(r, opts);
}
int
diff --git a/sbin/ipsecctl/ipsecctl.h b/sbin/ipsecctl/ipsecctl.h
index cb35cb2f817..680ed1a7d92 100644
--- a/sbin/ipsecctl/ipsecctl.h
+++ b/sbin/ipsecctl/ipsecctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ipsecctl.h,v 1.70 2017/04/14 18:06:28 bluhm Exp $ */
+/* $OpenBSD: ipsecctl.h,v 1.71 2017/04/19 15:59:38 bluhm Exp $ */
/*
* Copyright (c) 2004, 2005 Hans-Joerg Hoexer <hshoexer@openbsd.org>
*
@@ -37,7 +37,7 @@ enum {
#define RULE_FLOW 0x01
#define RULE_SA 0x02
#define RULE_IKE 0x04
-#define RULE_GROUP 0x08
+#define RULE_BUNDLE 0x08
enum {
DIRECTION_UNKNOWN, IPSEC_IN, IPSEC_OUT, IPSEC_INOUT
@@ -169,7 +169,7 @@ extern const struct ipsec_xf authxfs[];
extern const struct ipsec_xf encxfs[];
extern const struct ipsec_xf compxfs[];
-TAILQ_HEAD(dst_group_queue, ipsec_rule);
+TAILQ_HEAD(dst_bundle_queue, ipsec_rule);
/* Complete state of one rule. */
struct ipsec_rule {
@@ -212,21 +212,21 @@ struct ipsec_rule {
u_int32_t nr;
TAILQ_ENTRY(ipsec_rule) rule_entry;
- TAILQ_ENTRY(ipsec_rule) group_entry;
- TAILQ_ENTRY(ipsec_rule) dst_group_entry;
+ TAILQ_ENTRY(ipsec_rule) bundle_entry;
+ TAILQ_ENTRY(ipsec_rule) dst_bundle_entry;
- struct dst_group_queue dst_group_queue;
+ struct dst_bundle_queue dst_bundle_queue;
char *bundle;
};
TAILQ_HEAD(ipsec_rule_queue, ipsec_rule);
-TAILQ_HEAD(ipsec_group_queue, ipsec_rule);
+TAILQ_HEAD(ipsec_bundle_queue, ipsec_rule);
struct ipsecctl {
u_int32_t rule_nr;
int opts;
struct ipsec_rule_queue rule_queue;
- struct ipsec_group_queue group_queue;
+ struct ipsec_bundle_queue bundle_queue;
};
int parse_rules(const char *, struct ipsecctl *);
diff --git a/sbin/ipsecctl/parse.y b/sbin/ipsecctl/parse.y
index 09612749cdd..64016a22172 100644
--- a/sbin/ipsecctl/parse.y
+++ b/sbin/ipsecctl/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.167 2017/04/14 18:06:28 bluhm Exp $ */
+/* $OpenBSD: parse.y,v 1.168 2017/04/19 15:59:38 bluhm Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -191,7 +191,7 @@ struct ipsec_rule *create_sa(u_int8_t, u_int8_t, struct ipsec_hosts *,
struct ipsec_key *, struct ipsec_key *);
struct ipsec_rule *reverse_sa(struct ipsec_rule *, u_int32_t,
struct ipsec_key *, struct ipsec_key *);
-struct ipsec_rule *create_sagroup(struct ipsec_addr_wrap *, u_int8_t,
+struct ipsec_rule *create_sabundle(struct ipsec_addr_wrap *, u_int8_t,
u_int32_t, struct ipsec_addr_wrap *, u_int8_t,
u_int32_t);
struct ipsec_rule *create_flow(u_int8_t, u_int8_t, struct ipsec_hosts *,
@@ -207,7 +207,7 @@ struct ipsec_rule *create_ike(u_int8_t, struct ipsec_hosts *,
struct ike_mode *, struct ike_mode *, u_int8_t,
u_int8_t, u_int8_t, char *, char *,
struct ike_auth *, char *);
-int add_sagroup(struct ipsec_rule *, char *);
+int add_sabundle(struct ipsec_rule *, char *);
int get_id_type(char *);
struct ipsec_transforms *ipsec_transforms;
@@ -2344,12 +2344,12 @@ validate_sa(u_int32_t spi, u_int8_t satype, struct ipsec_transforms *xfs,
}
int
-add_sagroup(struct ipsec_rule *r, char *bundle)
+add_sabundle(struct ipsec_rule *r, char *bundle)
{
- struct ipsec_rule *rp, *last, *group;
+ struct ipsec_rule *rp, *last, *sabundle;
int found = 0;
- TAILQ_FOREACH(rp, &ipsec->group_queue, group_entry) {
+ TAILQ_FOREACH(rp, &ipsec->bundle_queue, bundle_entry) {
if ((strcmp(rp->src->name, r->src->name) == 0) &&
(strcmp(rp->dst->name, r->dst->name) == 0) &&
(strcmp(rp->bundle, bundle) == 0)) {
@@ -2358,20 +2358,20 @@ add_sagroup(struct ipsec_rule *r, char *bundle)
}
}
if (found) {
- last = TAILQ_LAST(&rp->dst_group_queue, dst_group_queue);
- TAILQ_INSERT_TAIL(&rp->dst_group_queue, r, dst_group_entry);
+ last = TAILQ_LAST(&rp->dst_bundle_queue, dst_bundle_queue);
+ TAILQ_INSERT_TAIL(&rp->dst_bundle_queue, r, dst_bundle_entry);
- group = create_sagroup(last->dst, last->satype, last->spi,
+ sabundle = create_sabundle(last->dst, last->satype, last->spi,
r->dst, r->satype, r->spi);
- if (group == NULL)
+ if (sabundle == NULL)
return (1);
- group->nr = ipsec->rule_nr++;
- if (ipsecctl_add_rule(ipsec, group))
+ sabundle->nr = ipsec->rule_nr++;
+ if (ipsecctl_add_rule(ipsec, sabundle))
return (1);
} else {
- TAILQ_INSERT_TAIL(&ipsec->group_queue, r, group_entry);
- TAILQ_INIT(&r->dst_group_queue);
- TAILQ_INSERT_TAIL(&r->dst_group_queue, r, dst_group_entry);
+ TAILQ_INSERT_TAIL(&ipsec->bundle_queue, r, bundle_entry);
+ TAILQ_INIT(&r->dst_bundle_queue);
+ TAILQ_INSERT_TAIL(&r->dst_bundle_queue, r, dst_bundle_entry);
r->bundle = bundle;
}
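Review bot: In the `found` branch of add_sabundle, `r` is linked into `rp->dst_bundle_queue` before `create_sabundle()` and `ipsecctl_add_rule()` have succeeded, so both `return (1)` paths leave the rule on that list. The second path also drops `sabundle`, unless ipsecctl_add_rule releases it on failure, which is not visible here. Moving the `TAILQ_INSERT_TAIL(&rp->dst_bundle_queue, r, dst_bundle_entry);` line below the two checks would avoid the partial state. Separately, `r->bundle = bundle` stores the caller's pointer only in the `else` branch, and expand_rule passes the same `bundle` for both `r` and `revr`, so a one-line comment stating who owns and frees that string would help. The function starts in the previous hunk and continues past this one.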
@@ -2433,16 +2433,16 @@ reverse_sa(struct ipsec_rule *rule, u_int32_t spi, struct ipsec_key *authkey,
}
struct ipsec_rule *
-create_sagroup(struct ipsec_addr_wrap *dst, u_int8_t proto, u_int32_t spi,
+create_sabundle(struct ipsec_addr_wrap *dst, u_int8_t proto, u_int32_t spi,
struct ipsec_addr_wrap *dst2, u_int8_t proto2, u_int32_t spi2)
{
struct ipsec_rule *r;
r = calloc(1, sizeof(struct ipsec_rule));
if (r == NULL)
- err(1, "create_sagroup: calloc");
+ err(1, "create_sabundle: calloc");
- r->type |= RULE_GROUP;
+ r->type |= RULE_BUNDLE;
r->dst = copyhost(dst);
r->dst2 = copyhost(dst2);
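Review bot: The message in `err(1, "create_sabundle: calloc")` spells the function name by hand, which is why the rename had to touch it; `err(1, "%s: calloc", __func__);` stays correct across future renames. The results of `copyhost(dst)` and `copyhost(dst2)` are also stored without a check in the visible lines. If copyhost can return NULL instead of exiting (its body is not shown), later uses of `r->dst` and `r->dst2`, such as the `ipsecctl_print_addr()` calls in ipsecctl_print_sabundle, would receive a NULL pointer. The function body continues outside the hunk.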
@@ -2661,7 +2661,7 @@ expand_rule(struct ipsec_rule *rule, struct ipsec_hosts *peers,
r->nr = ipsec->rule_nr++;
if (ipsecctl_add_rule(ipsec, r))
goto out;
- if (bundle && add_sagroup(r, bundle))
+ if (bundle && add_sabundle(r, bundle))
goto out;
if (direction == IPSEC_INOUT) {
@@ -2673,7 +2673,7 @@ expand_rule(struct ipsec_rule *rule, struct ipsec_hosts *peers,
revr->nr = ipsec->rule_nr++;
if (ipsecctl_add_rule(ipsec, revr))
goto out;
- if (bundle && add_sagroup(revr, bundle))
+ if (bundle && add_sabundle(revr, bundle))
goto out;
} else if (spi != 0 || authkey || enckey) {
/* Create and add reverse sa rule. */
@@ -2684,7 +2684,7 @@ expand_rule(struct ipsec_rule *rule, struct ipsec_hosts *peers,
revr->nr = ipsec->rule_nr++;
if (ipsecctl_add_rule(ipsec, revr))
goto out;
- if (bundle && add_sagroup(revr, bundle))
+ if (bundle && add_sabundle(revr, bundle))
goto out;
}
added++;
diff --git a/sbin/ipsecctl/pfkdump.c b/sbin/ipsecctl/pfkdump.c
index 5073b06a23e..d4767fd6ba7 100644
--- a/sbin/ipsecctl/pfkdump.c
+++ b/sbin/ipsecctl/pfkdump.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkdump.c,v 1.45 2017/04/10 14:32:47 deraadt Exp $ */
+/* $OpenBSD: pfkdump.c,v 1.46 2017/04/19 15:59:38 bluhm Exp $ */
/*
* Copyright (c) 2003 Markus Friedl. All rights reserved.
@@ -818,7 +818,7 @@ pfkey_print_sa(struct sadb_msg *msg, int opts)
extensions[SADB_EXT_KEY_ENCRYPT] = NULL;
}
if (extensions[SADB_X_EXT_SA2]) {
- r.type |= RULE_GROUP;
+ r.type |= RULE_BUNDLE;
sa2 = (struct sadb_sa *)extensions[SADB_X_EXT_SA2];
r.spi2 = ntohl(sa2->sadb_sa_spi);
parse_addr(extensions[SADB_X_EXT_DST2], &dst2);
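Review bot: `extensions[SADB_X_EXT_DST2]` is passed to `parse_addr()` without the presence check that guards `extensions[SADB_X_EXT_SA2]`, so a message carrying SA2 but no DST2 extension reaches parse_addr with a NULL pointer. Whether parse_addr tolerates NULL, and whether `dst2` is initialised before this point, is not visible here. Unless both hold, the guard should test both entries: `if (extensions[SADB_X_EXT_SA2] && extensions[SADB_X_EXT_DST2]) {`. pfkey_print_sa starts and ends outside this hunk.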
diff --git a/sbin/ipsecctl/pfkey.c b/sbin/ipsecctl/pfkey.c
index 6361db928c3..d49ad4e0d2c 100644
--- a/sbin/ipsecctl/pfkey.c
+++ b/sbin/ipsecctl/pfkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkey.c,v 1.59 2017/04/18 02:29:56 deraadt Exp $ */
+/* $OpenBSD: pfkey.c,v 1.60 2017/04/19 15:59:38 bluhm Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
* Copyright (c) 2003, 2004 Markus Friedl <markus@openbsd.org>
@@ -51,7 +51,7 @@ static int pfkey_sa(int, u_int8_t, u_int8_t, u_int32_t,
struct ipsec_addr_wrap *, struct ipsec_addr_wrap *,
struct ipsec_transforms *, struct ipsec_key *,
struct ipsec_key *, u_int8_t);
-static int pfkey_sagroup(int, u_int8_t, u_int8_t, u_int8_t,
+static int pfkey_sabundle(int, u_int8_t, u_int8_t, u_int8_t,
struct ipsec_addr_wrap *, u_int32_t,
struct ipsec_addr_wrap *, u_int32_t);
static int pfkey_reply(int, u_int8_t **, ssize_t *);
@@ -626,7 +626,7 @@ pfkey_sa(int sd, u_int8_t satype, u_int8_t action, u_int32_t spi,
}
static int
-pfkey_sagroup(int sd, u_int8_t satype, u_int8_t satype2, u_int8_t action,
+pfkey_sabundle(int sd, u_int8_t satype, u_int8_t satype2, u_int8_t action,
struct ipsec_addr_wrap *dst, u_int32_t spi, struct ipsec_addr_wrap *dst2,
u_int32_t spi2)
{
@@ -1180,7 +1180,7 @@ pfkey_ipsec_establish(int action, struct ipsec_rule *r)
default:
return -1;
}
- } else if (r->type == RULE_GROUP) {
+ } else if (r->type == RULE_BUNDLE) {
switch (r->satype) {
case IPSEC_AH:
satype = SADB_SATYPE_AH;
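Review bot: `r->type == RULE_BUNDLE` tests the rule type by equality, whereas ipsecctl_print_rule tests the same field with `r->type & RULE_BUNDLE` and pfkey_print_sa ORs the bit into an existing value with `r.type |= RULE_BUNDLE`. A rule that carries RULE_BUNDLE together with another RULE_* bit would not take this branch, and what happens to it afterwards is outside the hunk. If the exact match is intended because create_sabundle only ever sets this one bit, a short comment such as `/* bundle rules carry no other RULE_* bit */` would make that explicit. The function starts and ends outside this hunk.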
@@ -1221,7 +1221,7 @@ pfkey_ipsec_establish(int action, struct ipsec_rule *r)
}
switch (action) {
case ACTION_ADD:
- ret = pfkey_sagroup(fd, satype, satype2,
+ ret = pfkey_sabundle(fd, satype, satype2,
SADB_X_GRPSPIS, r->dst, r->spi, r->dst2, r->spi2);
break;
case ACTION_DELETE: