author | 2003-12-02 23:16:28 +0000 | |
---|---|---|
committer | 2003-12-02 23:16:28 +0000 | |
commit | ed4bea918660fb0a9e5e49ccec72879cd9a917f7 (patch) | |
tree | e54f58cceab9ddebf76b93faf2402e1d59fe361c /sys/net/pfkeyv2.c | |
parent | delete nasty mickey change (diff) | |
UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt)
ok deraadt@
Diffstat (limited to 'sys/net/pfkeyv2.c')
-rw-r--r-- | sys/net/pfkeyv2.c | 29 |
1 files changed, 28 insertions, 1 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index adb21e2f068..91ffab60299 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.89 2003/07/24 09:59:02 itojun Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.90 2003/12/02 23:16:29 markus Exp $ */
 
 /*
  * @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -542,6 +542,9 @@ pfkeyv2_get(struct tdb *sa, void **headers, void **buffer)
 if (sa->tdb_emxkey)
 i+= PADUP(sa->tdb_emxkeylen) + sizeof(struct sadb_key);
 
+ if (sa->tdb_udpencap_port)
+ i+= sizeof(struct sadb_x_udpencap);
+
 if (!(p = malloc(i, M_PFKEY, M_DONTWAIT))) {
 rval = ENOMEM;
 goto ret;
@@ -630,6 +633,12 @@ pfkeyv2_get(struct tdb *sa, void **headers, void **buffer)
 export_key(&p, sa, PFKEYV2_ENCRYPTION_KEY);
 }
 
+ /* Export UDP encapsulation port, if present */
+ if (sa->tdb_udpencap_port) {
+ headers[SADB_X_EXT_UDPENCAP] = p;
+ export_udpencap(&p, sa);
+ }
+
 rval = 0;
 
 ret:
@@ -895,6 +904,12 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 rval = EINVAL;
 goto ret;
 }
+ /* UDP encapsulation is only supported for ESP */
+ if (smsg->sadb_msg_satype != SADB_SATYPE_ESP &&
+ headers[SADB_X_EXT_UDPENCAP]) {
+ rval = EINVAL;
+ goto ret;
+ }
 
 s = spltdb();
 
@@ -965,6 +980,8 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 headers[SADB_X_EXT_DST_MASK],
 headers[SADB_X_EXT_PROTOCOL],
 headers[SADB_X_EXT_FLOW_TYPE]);
+ import_udpencap(newsa,
+ headers[SADB_X_EXT_UDPENCAP]);
 
 headers[SADB_EXT_KEY_AUTH] = NULL;
 headers[SADB_EXT_KEY_ENCRYPT] = NULL;
@@ -1010,6 +1027,8 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 PFKEYV2_LIFETIME_SOFT);
 import_lifetime(sa2, headers[SADB_EXT_LIFETIME_HARD],
 PFKEYV2_LIFETIME_HARD);
+ import_udpencap(sa2,
+ headers[SADB_X_EXT_UDPENCAP]);
 }
 
 splx(s);
@@ -1035,6 +1054,12 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 rval = EINVAL;
 goto ret;
 }
+ /* UDP encapsulation is only supported for ESP */
+ if (smsg->sadb_msg_satype != SADB_SATYPE_ESP &&
+ headers[SADB_X_EXT_UDPENCAP]) {
+ rval = EINVAL;
+ goto ret;
+ }
 
 s = spltdb();
 
@@ -1111,6 +1136,8 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
 headers[SADB_X_EXT_DST_MASK],
 headers[SADB_X_EXT_PROTOCOL],
 headers[SADB_X_EXT_FLOW_TYPE]);
+ import_udpencap(newsa,
+ headers[SADB_X_EXT_UDPENCAP]);
 
 headers[SADB_EXT_KEY_AUTH] = NULL;
 headers[SADB_EXT_KEY_ENCRYPT] = NULL;
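Review bot: The byte count added ahead of the malloc in pfkeyv2_get (`i+= sizeof(struct sadb_x_udpencap);` in the @@ -542 hunk) has to stay exactly equal to what export_udpencap() later writes through `p` in the @@ -630 hunk, otherwise the reply buffer is undersized and the export overruns it; nothing in either hunk ties the two sizes together, and the size of what export_udpencap() emits is not visible in this diff. A comment on the size line would make the coupling explicit, e.g. `/* must match what export_udpencap() emits below */`, or the count could be derived from the same constant the exporter uses. Both hunks are inside pfkeyv2_get, whose body starts and ends outside the hunk.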
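Review bot: The new guard in the @@ -895 hunk rejects SADB_X_EXT_UDPENCAP only for non-ESP SA types, while the commit message limits UDP encapsulation to ESP in transport mode; neither this hunk nor the identical one at @@ -1035 rejects a tunnel-mode SA that carries the extension, so if that restriction is meant to be enforced by the kernel rather than trusted from the PF_KEY sender, a check on the SA's tunnel flag belongs next to this one, before `s = spltdb();`. The guard is duplicated verbatim in the @@ -1035 hunk; a one-line static helper or at least a shared comment would keep the two copies from drifting. The hunk also relies on the extension's length having been validated when headers[] was populated by the message parser, which is outside this diff. Both hunks lie inside pfkeyv2_send, whose body starts and ends outside the hunk.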
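Review bot: `import_udpencap(newsa, headers[SADB_X_EXT_UDPENCAP]);` in the @@ -965 hunk is called unconditionally, so it receives a NULL header whenever the extension is absent; that matches the surrounding import_lifetime() calls only if import_udpencap() tolerates NULL, which this diff does not show. Once confirmed, a short comment at the call such as `/* no-op when the extension is absent */` would record that contract; if it does not tolerate NULL, the call needs an `if (headers[SADB_X_EXT_UDPENCAP])` guard. The same unconditional call is added for sa2 at @@ -1010 and for newsa again at @@ -1111. The enclosing pfkeyv2_send continues outside the hunk.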