authorangelos <angelos@openbsd.org>2000-09-19 03:19:39 +0000
committerangelos <angelos@openbsd.org>2000-09-19 03:19:39 +0000
commit86ca7de988c84dbfc55e71b61d25fea0d1824ae3 (patch)
tree0a5a6de9c74350e8cc5b6b7563d5b61059b09e69 /sys/net/pfkeyv2_parsemessage.c
parentDisplay SPD entries. (diff)
SPD-driven IPsec.
Diffstat (limited to 'sys/net/pfkeyv2_parsemessage.c')
-rw-r--r--sys/net/pfkeyv2_parsemessage.c43
1 files changed, 13 insertions, 30 deletions
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index abd123d9696..907c26cfb61 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -27,6 +27,7 @@ you didn't get a copy, you may request one from <license@inner.net>.
#include <sys/proc.h>
#include <net/route.h>
#include <netinet/in.h>
+#include <netinet/ip_ipsp.h>
#include <net/pfkeyv2.h>
#define BITMAP_SA (1 << SADB_EXT_SA)
@@ -52,10 +53,9 @@ you didn't get a copy, you may request one from <license@inner.net>.
#define BITMAP_X_SRC_MASK (1 << SADB_X_EXT_SRC_MASK)
#define BITMAP_X_DST_MASK (1 << SADB_X_EXT_DST_MASK)
#define BITMAP_X_PROTOCOL (1 << SADB_X_EXT_PROTOCOL)
-#define BITMAP_X_SA2 (1 << SADB_X_EXT_SA2)
#define BITMAP_X_SRC_FLOW (1 << SADB_X_EXT_SRC_FLOW)
#define BITMAP_X_DST_FLOW (1 << SADB_X_EXT_DST_FLOW)
-#define BITMAP_X_DST2 (1 << SADB_X_EXT_DST2)
+#define BITMAP_X_FLOW_TYPE (1 << SADB_X_EXT_FLOW_TYPE)
uint32_t sadb_exts_allowed_in[SADB_MAX+1] =
{
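Review bot: `BITMAP_X_FLOW_TYPE` copies the existing `(1 << N)` form, which shifts a signed `int` and then stores the result in tables declared `uint32_t`. If an extension number ever reaches 31 that shift is undefined behaviour, so `#define BITMAP_X_FLOW_TYPE (1U << SADB_X_EXT_FLOW_TYPE)` would be the safer spelling, and the same applies to the neighbouring BITMAP_ macros. The numeric value of `SADB_X_EXT_FLOW_TYPE` comes from a header that is not part of this diff, so whether the limit is close cannot be judged from here.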
@@ -72,7 +72,7 @@ uint32_t sadb_exts_allowed_in[SADB_MAX+1] =
/* GET */
BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
/* ACQUIRE */
- BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL,
+ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK,
/* REGISTER */
0,
/* EXPIRE */
@@ -84,13 +84,9 @@ uint32_t sadb_exts_allowed_in[SADB_MAX+1] =
/* X_PROMISC */
0,
/* X_ADDFLOW */
- BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SA | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW,
+ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SA | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
/* X_DELFLOW */
- BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_SA | BITMAP_ADDRESS_DST,
- /* X_GRPSPIS */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
- /* X_BINDSA */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL
+ BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_SA | BITMAP_ADDRESS_DST | BITMAP_X_FLOW_TYPE,
};
uint32_t sadb_exts_required_in[SADB_MAX+1] =
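Review bot: The rows of `sadb_exts_allowed_in` are tied to message-type numbers only by position and by the `/* X_ADDFLOW */`-style comments, so deleting the X_GRPSPIS and X_BINDSA rows is correct only if the numbering in pfkeyv2.h changes in step; that header is not shown here. Any type number still covered by `SADB_MAX+1` but without a row is silently zero, which for this table means "no extensions accepted". Where the compiler allows it, indexed initialisers such as `[SADB_X_ADDFLOW] = BITMAP_ADDRESS_SRC | ... | BITMAP_X_FLOW_TYPE,` would make a mismatch impossible to introduce quietly. The same concern applies to the three other tables edited in the following hunks.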
@@ -120,13 +116,9 @@ uint32_t sadb_exts_required_in[SADB_MAX+1] =
/* X_PROMISC */
0,
/* X_ADDFLOW */
- BITMAP_ADDRESS_DST | BITMAP_SA | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW,
+ BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
/* X_DELFLOW */
- BITMAP_SA | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW,
- /* X_GRPSPIS */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
- /* X_BINDSA */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL
+ BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
};
uint32_t sadb_exts_allowed_out[SADB_MAX+1] =
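Review bot: Removing `BITMAP_SA` and `BITMAP_ADDRESS_DST` from the required set for X_ADDFLOW, and `BITMAP_SA` for X_DELFLOW, means the parser no longer guarantees those extensions are present, although the allowed tables still accept them. Any handler for these message types that reads the SA or destination-address entry of `headers[]` (presumably indexed by extension type) must now check for NULL before dereferencing; those handlers live outside this file and should be confirmed against this change. The `sadb_exts_required_out` hunk further down makes the same relaxation. A comment on the two rows, for example `/* SA and ADDRESS_DST are optional; consumers must NULL-check headers[] */`, would record the new contract.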
@@ -144,7 +136,7 @@ uint32_t sadb_exts_allowed_out[SADB_MAX+1] =
/* GET */
BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY,
/* ACQUIRE */
- BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL,
+ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK,
/* REGISTER */
BITMAP_SUPPORTED,
/* EXPIRE */
@@ -156,13 +148,9 @@ uint32_t sadb_exts_allowed_out[SADB_MAX+1] =
/* X_PROMISC */
0,
/* X_ADDFLOW */
- BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SA | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW,
+ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SA | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
/* X_DELFLOW */
- BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_SA | BITMAP_ADDRESS_DST,
- /* X_GRPSPIS */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
- /* X_BINDSA */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL
+ BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_SA | BITMAP_ADDRESS_DST | BITMAP_X_FLOW_TYPE,
};
uint32_t sadb_exts_required_out[SADB_MAX+1] =
@@ -192,13 +180,9 @@ uint32_t sadb_exts_required_out[SADB_MAX+1] =
/* X_PROMISC */
0,
/* X_ADDFLOW */
- BITMAP_ADDRESS_DST | BITMAP_SA | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW,
+ BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
/* X_DELFLOW */
- BITMAP_SA | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW,
- /* X_GRPSPIS */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL,
- /* X_BINDSA */
- BITMAP_SA | BITMAP_X_SA2 | BITMAP_X_DST2 | BITMAP_ADDRESS_DST | BITMAP_X_PROTOCOL
+ BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE,
};
int pfkeyv2_parsemessage(void *, int, void **);
@@ -274,7 +258,6 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
seen |= (1 << sadb_ext->sadb_ext_type);
switch (sadb_ext->sadb_ext_type) {
- case SADB_X_EXT_SA2:
case SADB_EXT_SA:
{
struct sadb_sa *sadb_sa = (struct sadb_sa *)p;
@@ -299,6 +282,7 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
}
break;
case SADB_X_EXT_PROTOCOL:
+ case SADB_X_EXT_FLOW_TYPE:
if (i != sizeof(struct sadb_protocol))
return EINVAL;
break;
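Review bot: `SADB_X_EXT_FLOW_TYPE` is validated here only by length, sharing the `sizeof(struct sadb_protocol)` check with `SADB_X_EXT_PROTOCOL`; the flow-type value itself is not range-checked in this hunk. Because the message originates from a PF_KEY socket writer, the code that consumes this extension should reject unknown flow types before they reach the SPD; that code is not visible here. A short comment such as `/* FLOW_TYPE reuses struct sadb_protocol; the value is validated by the consumer */` would make the reuse and the division of checks explicit. The enclosing switch begins and ends outside this hunk.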
@@ -312,7 +296,6 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
break;
case SADB_EXT_ADDRESS_SRC:
case SADB_EXT_ADDRESS_DST:
- case SADB_X_EXT_DST2:
case SADB_X_EXT_SRC_MASK:
case SADB_X_EXT_DST_MASK:
case SADB_X_EXT_SRC_FLOW: