summaryrefslogtreecommitdiffstats
path: root/sys/net
diff options
context:
space:
mode:
Diffstat (limited to 'sys/net')
-rw-r--r--sys/net/pfkeyv2.c100
-rw-r--r--sys/net/pfkeyv2.h31
-rw-r--r--sys/net/pfkeyv2_convert.c132
-rw-r--r--sys/net/pfkeyv2_parsemessage.c80
4 files changed, 11 insertions, 332 deletions
diff --git a/sys/net/pfkeyv2.c b/sys/net/pfkeyv2.c
index bcc9b67d137..b29f50e0c88 100644
--- a/sys/net/pfkeyv2.c
+++ b/sys/net/pfkeyv2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.c,v 1.140 2015/04/13 08:45:48 mpi Exp $ */
+/* $OpenBSD: pfkeyv2.c,v 1.141 2015/04/14 12:22:15 mikeb Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -529,18 +529,6 @@ pfkeyv2_get(struct tdb *sa, void **headers, void **buffer, int *lenp)
if (sa->tdb_dstid)
i += sizeof(struct sadb_ident) + PADUP(sa->tdb_dstid->ref_len);
- if (sa->tdb_local_cred)
- i += sizeof(struct sadb_x_cred) + PADUP(sa->tdb_local_cred->ref_len);
-
- if (sa->tdb_remote_cred)
- i += sizeof(struct sadb_x_cred) + PADUP(sa->tdb_remote_cred->ref_len);
-
- if (sa->tdb_local_auth)
- i += sizeof(struct sadb_x_cred) + PADUP(sa->tdb_local_auth->ref_len);
-
- if (sa->tdb_remote_auth)
- i += sizeof(struct sadb_x_cred) + PADUP(sa->tdb_remote_auth->ref_len);
-
if (sa->tdb_amxkey)
i += sizeof(struct sadb_key) + PADUP(sa->tdb_amxkeylen);
@@ -637,28 +625,6 @@ pfkeyv2_get(struct tdb *sa, void **headers, void **buffer, int *lenp)
export_identity(&p, sa, PFKEYV2_IDENTITY_DST);
}
- /* Export credentials, if present */
- if (sa->tdb_local_cred) {
- headers[SADB_X_EXT_LOCAL_CREDENTIALS] = p;
- export_credentials(&p, sa, PFKEYV2_CRED_LOCAL);
- }
-
- if (sa->tdb_remote_cred) {
- headers[SADB_X_EXT_REMOTE_CREDENTIALS] = p;
- export_credentials(&p, sa, PFKEYV2_CRED_REMOTE);
- }
-
- /* Export authentication information, if present */
- if (sa->tdb_local_auth) {
- headers[SADB_X_EXT_LOCAL_AUTH] = p;
- export_auth(&p, sa, PFKEYV2_AUTH_LOCAL);
- }
-
- if (sa->tdb_remote_auth) {
- headers[SADB_X_EXT_REMOTE_AUTH] = p;
- export_auth(&p, sa, PFKEYV2_AUTH_REMOTE);
- }
-
/* Export authentication key, if present */
if (sa->tdb_amxkey) {
headers[SADB_EXT_KEY_AUTH] = p;
@@ -1033,16 +999,6 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
PFKEYV2_IDENTITY_SRC);
import_identity(newsa, headers[SADB_EXT_IDENTITY_DST],
PFKEYV2_IDENTITY_DST);
- import_credentials(newsa,
- headers[SADB_X_EXT_LOCAL_CREDENTIALS],
- PFKEYV2_CRED_LOCAL);
- import_credentials(newsa,
- headers[SADB_X_EXT_REMOTE_CREDENTIALS],
- PFKEYV2_CRED_REMOTE);
- import_auth(newsa, headers[SADB_X_EXT_LOCAL_AUTH],
- PFKEYV2_AUTH_LOCAL);
- import_auth(newsa, headers[SADB_X_EXT_REMOTE_AUTH],
- PFKEYV2_AUTH_REMOTE);
import_flow(&newsa->tdb_filter, &newsa->tdb_filtermask,
headers[SADB_X_EXT_SRC_FLOW],
headers[SADB_X_EXT_SRC_MASK],
@@ -1200,16 +1156,6 @@ pfkeyv2_send(struct socket *socket, void *message, int len)
import_identity(newsa, headers[SADB_EXT_IDENTITY_DST],
PFKEYV2_IDENTITY_DST);
- import_credentials(newsa,
- headers[SADB_X_EXT_LOCAL_CREDENTIALS],
- PFKEYV2_CRED_LOCAL);
- import_credentials(newsa,
- headers[SADB_X_EXT_REMOTE_CREDENTIALS],
- PFKEYV2_CRED_REMOTE);
- import_auth(newsa, headers[SADB_X_EXT_LOCAL_AUTH],
- PFKEYV2_AUTH_LOCAL);
- import_auth(newsa, headers[SADB_X_EXT_REMOTE_AUTH],
- PFKEYV2_AUTH_REMOTE);
import_flow(&newsa->tdb_filter, &newsa->tdb_filtermask,
headers[SADB_X_EXT_SRC_FLOW],
headers[SADB_X_EXT_SRC_MASK],
@@ -1863,7 +1809,6 @@ pfkeyv2_acquire(struct ipsec_policy *ipo, union sockaddr_union *gw,
{
void *p, *headers[SADB_EXT_MAX + 1], *buffer = NULL;
struct sadb_ident *srcid, *dstid;
- struct sadb_x_cred *lcred, *lauth;
struct sadb_comb *sadb_comb;
struct sadb_address *sadd;
struct sadb_prop *sa_prop;
@@ -1891,12 +1836,6 @@ pfkeyv2_acquire(struct ipsec_policy *ipo, union sockaddr_union *gw,
if (ipo->ipo_dstid)
i += sizeof(struct sadb_ident) + PADUP(ipo->ipo_dstid->ref_len);
- if (ipo->ipo_local_cred)
- i += sizeof(struct sadb_x_cred) + PADUP(ipo->ipo_local_cred->ref_len);
-
- if (ipo->ipo_local_auth)
- i += sizeof(struct sadb_x_cred) + PADUP(ipo->ipo_local_auth->ref_len);
-
/* Allocate */
if (!(p = malloc(i, M_PFKEY, M_NOWAIT | M_ZERO))) {
rval = ENOMEM;
@@ -1964,43 +1903,6 @@ pfkeyv2_acquire(struct ipsec_policy *ipo, union sockaddr_union *gw,
sizeof(struct sadb_ident), ipo->ipo_dstid->ref_len);
}
- if (ipo->ipo_local_cred) {
- headers[SADB_X_EXT_LOCAL_CREDENTIALS] = p;
- p += sizeof(struct sadb_x_cred) + PADUP(ipo->ipo_local_cred->ref_len);
- lcred = (struct sadb_x_cred *) headers[SADB_X_EXT_LOCAL_CREDENTIALS];
- lcred->sadb_x_cred_len = (sizeof(struct sadb_x_cred) +
- PADUP(ipo->ipo_local_cred->ref_len)) / sizeof(u_int64_t);
- switch (ipo->ipo_local_cred->ref_type) {
- case IPSP_CRED_KEYNOTE:
- lcred->sadb_x_cred_type = SADB_X_CREDTYPE_KEYNOTE;
- break;
- case IPSP_CRED_X509:
- lcred->sadb_x_cred_type = SADB_X_CREDTYPE_X509;
- break;
- }
- bcopy(ipo->ipo_local_cred + 1, headers[SADB_X_EXT_LOCAL_CREDENTIALS] +
- sizeof(struct sadb_x_cred), ipo->ipo_local_cred->ref_len);
- }
-
- if (ipo->ipo_local_auth) {
- headers[SADB_X_EXT_LOCAL_AUTH] = p;
- p += sizeof(struct sadb_x_cred) + PADUP(ipo->ipo_local_auth->ref_len);
- lauth = (struct sadb_x_cred *) headers[SADB_X_EXT_LOCAL_AUTH];
- lauth->sadb_x_cred_len = (sizeof(struct sadb_x_cred) +
- PADUP(ipo->ipo_local_auth->ref_len)) / sizeof(u_int64_t);
- switch (ipo->ipo_local_auth->ref_type) {
- case IPSP_AUTH_PASSPHRASE:
- lauth->sadb_x_cred_type = SADB_X_AUTHTYPE_PASSPHRASE;
- break;
- case IPSP_AUTH_RSA:
- lauth->sadb_x_cred_type = SADB_X_AUTHTYPE_RSA;
- break;
- }
-
- bcopy(ipo->ipo_local_auth + 1, headers[SADB_X_EXT_LOCAL_AUTH] +
- sizeof(struct sadb_x_cred), ipo->ipo_local_auth->ref_len);
- }
-
headers[SADB_EXT_PROPOSAL] = p;
p += sizeof(struct sadb_prop);
sa_prop = (struct sadb_prop *) headers[SADB_EXT_PROPOSAL];
diff --git a/sys/net/pfkeyv2.h b/sys/net/pfkeyv2.h
index cf915b3cfb7..7ffab950ab8 100644
--- a/sys/net/pfkeyv2.h
+++ b/sys/net/pfkeyv2.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2.h,v 1.65 2014/12/28 10:02:37 tedu Exp $ */
+/* $OpenBSD: pfkeyv2.h,v 1.66 2015/04/14 12:22:15 mikeb Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) January 1998
*
@@ -199,13 +199,6 @@ struct sadb_x_policy {
u_int32_t sadb_x_policy_seq;
};
-struct sadb_x_cred {
- uint16_t sadb_x_cred_len;
- uint16_t sadb_x_cred_exttype;
- uint16_t sadb_x_cred_type;
- uint16_t sadb_x_cred_reserved;
-};
-
struct sadb_x_udpencap {
uint16_t sadb_x_udpencap_len;
uint16_t sadb_x_udpencap_exttype;
@@ -365,24 +358,6 @@ struct sadb_x_tap {
#define PFKEYV2_SENDMESSAGE_BROADCAST 3
#endif /* _KERNEL */
-#define SADB_X_CREDTYPE_NONE 0
-#define SADB_X_CREDTYPE_X509 1 /* ASN1 encoding of the certificate */
-#define SADB_X_CREDTYPE_KEYNOTE 2 /* NUL-terminated buffer */
-#define SADB_X_CREDTYPE_MAX 3
-
-#ifdef _KERNEL
-#define PFKEYV2_AUTH_LOCAL 0
-#define PFKEYV2_AUTH_REMOTE 1
-
-#define PFKEYV2_CRED_LOCAL 0
-#define PFKEYV2_CRED_REMOTE 1
-#endif /* _KERNEL */
-
-#define SADB_X_AUTHTYPE_NONE 0
-#define SADB_X_AUTHTYPE_PASSPHRASE 1
-#define SADB_X_AUTHTYPE_RSA 2
-#define SADB_X_AUTHTYPE_MAX 2
-
#define SADB_X_FLOW_TYPE_USE 1
#define SADB_X_FLOW_TYPE_ACQUIRE 2
#define SADB_X_FLOW_TYPE_REQUIRE 3
@@ -452,22 +427,18 @@ int pfdatatopacket(void *, int, struct mbuf **);
void export_address(void **, struct sockaddr *);
void export_identity(void **, struct tdb *, int);
void export_lifetime(void **, struct tdb *, int);
-void export_credentials(void **, struct tdb *, int);
void export_sa(void **, struct tdb *);
void export_flow(void **, u_int8_t, struct sockaddr_encap *,
struct sockaddr_encap *, void **);
void export_key(void **, struct tdb *, int);
-void export_auth(void **, struct tdb *, int);
void export_udpencap(void **, struct tdb *);
void export_tag(void **, struct tdb *);
void export_tap(void **, struct tdb *);
-void import_auth(struct tdb *, struct sadb_x_cred *, int);
void import_address(struct sockaddr *, struct sadb_address *);
void import_identity(struct tdb *, struct sadb_ident *, int);
void import_key(struct ipsecinit *, struct sadb_key *, int);
void import_lifetime(struct tdb *, struct sadb_lifetime *, int);
-void import_credentials(struct tdb *, struct sadb_x_cred *, int);
void import_sa(struct tdb *, struct sadb_sa *, struct ipsecinit *);
void import_flow(struct sockaddr_encap *, struct sockaddr_encap *,
struct sadb_address *, struct sadb_address *, struct sadb_address *,
diff --git a/sys/net/pfkeyv2_convert.c b/sys/net/pfkeyv2_convert.c
index 95e6429cd7d..08cf583aa04 100644
--- a/sys/net/pfkeyv2_convert.c
+++ b/sys/net/pfkeyv2_convert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2_convert.c,v 1.47 2015/02/06 03:04:49 blambert Exp $ */
+/* $OpenBSD: pfkeyv2_convert.c,v 1.48 2015/04/14 12:22:15 mikeb Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@keromytis.org)
*
@@ -700,82 +700,6 @@ export_address(void **p, struct sockaddr *sa)
}
/*
- * Import authentication information into the TDB.
- */
-void
-import_auth(struct tdb *tdb, struct sadb_x_cred *sadb_auth, int dstauth)
-{
- struct ipsec_ref **ipr;
-
- if (!sadb_auth)
- return;
-
- if (dstauth == PFKEYV2_AUTH_REMOTE)
- ipr = &tdb->tdb_remote_auth;
- else
- ipr = &tdb->tdb_local_auth;
-
- *ipr = malloc(EXTLEN(sadb_auth) - sizeof(struct sadb_x_cred) +
- sizeof(struct ipsec_ref), M_CREDENTIALS, M_WAITOK);
- (*ipr)->ref_len = EXTLEN(sadb_auth) - sizeof(struct sadb_x_cred);
-
- switch (sadb_auth->sadb_x_cred_type) {
- case SADB_X_AUTHTYPE_PASSPHRASE:
- (*ipr)->ref_type = IPSP_AUTH_PASSPHRASE;
- break;
- case SADB_X_AUTHTYPE_RSA:
- (*ipr)->ref_type = IPSP_AUTH_RSA;
- break;
- default:
- free(*ipr, M_CREDENTIALS, 0);
- *ipr = NULL;
- return;
- }
- (*ipr)->ref_count = 1;
- (*ipr)->ref_malloctype = M_CREDENTIALS;
- bcopy((void *) sadb_auth + sizeof(struct sadb_x_cred),
- (*ipr) + 1, (*ipr)->ref_len);
-}
-
-/*
- * Import a set of credentials into the TDB.
- */
-void
-import_credentials(struct tdb *tdb, struct sadb_x_cred *sadb_cred, int dstcred)
-{
- struct ipsec_ref **ipr;
-
- if (!sadb_cred)
- return;
-
- if (dstcred == PFKEYV2_CRED_REMOTE)
- ipr = &tdb->tdb_remote_cred;
- else
- ipr = &tdb->tdb_local_cred;
-
- *ipr = malloc(EXTLEN(sadb_cred) - sizeof(struct sadb_x_cred) +
- sizeof(struct ipsec_ref), M_CREDENTIALS, M_WAITOK);
- (*ipr)->ref_len = EXTLEN(sadb_cred) - sizeof(struct sadb_x_cred);
-
- switch (sadb_cred->sadb_x_cred_type) {
- case SADB_X_CREDTYPE_X509:
- (*ipr)->ref_type = IPSP_CRED_X509;
- break;
- case SADB_X_CREDTYPE_KEYNOTE:
- (*ipr)->ref_type = IPSP_CRED_KEYNOTE;
- break;
- default:
- free(*ipr, M_CREDENTIALS, 0);
- *ipr = NULL;
- return;
- }
- (*ipr)->ref_count = 1;
- (*ipr)->ref_malloctype = M_CREDENTIALS;
- bcopy((void *) sadb_cred + sizeof(struct sadb_x_cred),
- (*ipr) + 1, (*ipr)->ref_len);
-}
-
-/*
* Import an identity payload into the TDB.
*/
void
@@ -820,60 +744,6 @@ import_identity(struct tdb *tdb, struct sadb_ident *sadb_ident, int type)
}
void
-export_credentials(void **p, struct tdb *tdb, int dstcred)
-{
- struct ipsec_ref **ipr;
- struct sadb_x_cred *sadb_cred = (struct sadb_x_cred *) *p;
-
- if (dstcred == PFKEYV2_CRED_REMOTE)
- ipr = &tdb->tdb_remote_cred;
- else
- ipr = &tdb->tdb_local_cred;
-
- sadb_cred->sadb_x_cred_len = (sizeof(struct sadb_x_cred) +
- PADUP((*ipr)->ref_len)) / sizeof(uint64_t);
-
- switch ((*ipr)->ref_type) {
- case IPSP_CRED_KEYNOTE:
- sadb_cred->sadb_x_cred_type = SADB_X_CREDTYPE_KEYNOTE;
- break;
- case IPSP_CRED_X509:
- sadb_cred->sadb_x_cred_type = SADB_X_CREDTYPE_X509;
- break;
- }
- *p += sizeof(struct sadb_x_cred);
- bcopy((*ipr) + 1, *p, (*ipr)->ref_len);
- *p += PADUP((*ipr)->ref_len);
-}
-
-void
-export_auth(void **p, struct tdb *tdb, int dstauth)
-{
- struct ipsec_ref **ipr;
- struct sadb_x_cred *sadb_auth = (struct sadb_x_cred *) *p;
-
- if (dstauth == PFKEYV2_AUTH_REMOTE)
- ipr = &tdb->tdb_remote_auth;
- else
- ipr = &tdb->tdb_local_auth;
-
- sadb_auth->sadb_x_cred_len = (sizeof(struct sadb_x_cred) +
- PADUP((*ipr)->ref_len)) / sizeof(uint64_t);
-
- switch ((*ipr)->ref_type) {
- case IPSP_AUTH_PASSPHRASE:
- sadb_auth->sadb_x_cred_type = SADB_X_AUTHTYPE_PASSPHRASE;
- break;
- case IPSP_AUTH_RSA:
- sadb_auth->sadb_x_cred_type = SADB_X_AUTHTYPE_RSA;
- break;
- }
- *p += sizeof(struct sadb_x_cred);
- bcopy((*ipr) + 1, *p, (*ipr)->ref_len);
- *p += PADUP((*ipr)->ref_len);
-}
-
-void
export_identity(void **p, struct tdb *tdb, int type)
{
struct ipsec_ref **ipr;
diff --git a/sys/net/pfkeyv2_parsemessage.c b/sys/net/pfkeyv2_parsemessage.c
index b8aef48d779..433b9313cc5 100644
--- a/sys/net/pfkeyv2_parsemessage.c
+++ b/sys/net/pfkeyv2_parsemessage.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.48 2015/03/26 12:21:37 mikeb Exp $ */
+/* $OpenBSD: pfkeyv2_parsemessage.c,v 1.49 2015/04/14 12:22:15 mikeb Exp $ */
/*
* @(#)COPYRIGHT 1.1 (NRL) 17 January 1995
@@ -119,11 +119,6 @@
#define BITMAP_X_SA2 (1LL << SADB_X_EXT_SA2)
#define BITMAP_X_DST2 (1LL << SADB_X_EXT_DST2)
#define BITMAP_X_POLICY (1LL << SADB_X_EXT_POLICY)
-#define BITMAP_X_LOCAL_CREDENTIALS (1LL << SADB_X_EXT_LOCAL_CREDENTIALS)
-#define BITMAP_X_REMOTE_CREDENTIALS (1LL << SADB_X_EXT_REMOTE_CREDENTIALS)
-#define BITMAP_X_LOCAL_AUTH (1LL << SADB_X_EXT_LOCAL_AUTH)
-#define BITMAP_X_REMOTE_AUTH (1LL << SADB_X_EXT_REMOTE_AUTH)
-#define BITMAP_X_CREDENTIALS (BITMAP_X_LOCAL_CREDENTIALS | BITMAP_X_REMOTE_CREDENTIALS | BITMAP_X_LOCAL_AUTH | BITMAP_X_REMOTE_AUTH)
#define BITMAP_X_FLOW (BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_FLOW_TYPE)
#define BITMAP_X_SUPPORTED_COMP (1LL << SADB_X_EXT_SUPPORTED_COMP)
#define BITMAP_X_UDPENCAP (1LL << SADB_X_EXT_UDPENCAP)
@@ -138,15 +133,15 @@ uint64_t sadb_exts_allowed_in[SADB_MAX+1] =
/* GETSPI */
BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_SPIRANGE,
/* UPDATE */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
/* ADD */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | BITMAP_X_TAG | BITMAP_X_TAP,
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | BITMAP_X_TAG | BITMAP_X_TAP,
/* DELETE */
BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
/* GET */
BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
/* ACQUIRE */
- BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL | BITMAP_X_CREDENTIALS,
+ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL,
/* REGISTER */
0,
/* EXPIRE */
@@ -210,15 +205,15 @@ uint64_t sadb_exts_allowed_out[SADB_MAX+1] =
/* GETSPI */
BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
/* UPDATE */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
/* ADD */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_IDENTITY | BITMAP_X_FLOW | BITMAP_X_UDPENCAP | BITMAP_X_TAG | BITMAP_X_TAP,
/* DELETE */
BITMAP_SA | BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST,
/* GET */
- BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_CREDENTIALS | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_FLOW_TYPE | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_TAG | BITMAP_X_TAP,
+ BITMAP_SA | BITMAP_LIFETIME | BITMAP_ADDRESS | BITMAP_KEY | BITMAP_IDENTITY | BITMAP_X_UDPENCAP | BITMAP_X_LIFETIME_LASTUSE | BITMAP_X_SRC_MASK | BITMAP_X_DST_MASK | BITMAP_X_PROTOCOL | BITMAP_X_FLOW_TYPE | BITMAP_X_SRC_FLOW | BITMAP_X_DST_FLOW | BITMAP_X_TAG | BITMAP_X_TAP,
/* ACQUIRE */
- BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL | BITMAP_X_CREDENTIALS,
+ BITMAP_ADDRESS_SRC | BITMAP_ADDRESS_DST | BITMAP_IDENTITY | BITMAP_PROPOSAL,
/* REGISTER */
BITMAP_SUPPORTED_AUTH | BITMAP_SUPPORTED_ENCRYPT | BITMAP_X_SUPPORTED_COMP,
/* EXPIRE */
@@ -653,65 +648,6 @@ pfkeyv2_parsemessage(void *p, int len, void **headers)
}
}
break;
- case SADB_X_EXT_LOCAL_AUTH:
- case SADB_X_EXT_REMOTE_AUTH:
- {
- struct sadb_x_cred *sadb_cred =
- (struct sadb_x_cred *)p;
-
- if (i < sizeof(struct sadb_x_cred)) {
- DPRINTF(("pfkeyv2_parsemessage: bad header "
- "length for AUTH extension header %d\n",
- sadb_ext->sadb_ext_type));
- return (EINVAL);
- }
-
- if (sadb_cred->sadb_x_cred_type > SADB_X_AUTHTYPE_MAX) {
- DPRINTF(("pfkeyv2_parsemessage: unknown auth "
- "type %d in AUTH extension header %d\n",
- sadb_cred->sadb_x_cred_type,
- sadb_ext->sadb_ext_type));
- return (EINVAL);
- }
-
- if (sadb_cred->sadb_x_cred_reserved) {
- DPRINTF(("pfkeyv2_parsemessage: reserved field"
- " set in AUTH extension header %d\n",
- sadb_ext->sadb_ext_type));
- return (EINVAL);
- }
- }
- break;
- case SADB_X_EXT_LOCAL_CREDENTIALS:
- case SADB_X_EXT_REMOTE_CREDENTIALS:
- {
- struct sadb_x_cred *sadb_cred =
- (struct sadb_x_cred *)p;
-
- if (i < sizeof(struct sadb_x_cred)) {
- DPRINTF(("pfkeyv2_parsemessage: bad header "
- "length of CREDENTIALS extension header "
- "%d\n", sadb_ext->sadb_ext_type));
- return (EINVAL);
- }
-
- if (sadb_cred->sadb_x_cred_type > SADB_X_CREDTYPE_MAX) {
- DPRINTF(("pfkeyv2_parsemessage: unknown "
- "credential type %d in CREDENTIALS "
- "extension header %d\n",
- sadb_cred->sadb_x_cred_type,
- sadb_ext->sadb_ext_type));
- return (EINVAL);
- }
-
- if (sadb_cred->sadb_x_cred_reserved) {
- DPRINTF(("pfkeyv2_parsemessage: reserved "
- "field set in CREDENTIALS extension "
- "header %d\n", sadb_ext->sadb_ext_type));
- return (EINVAL);
- }
- }
- break;
case SADB_EXT_IDENTITY_SRC:
case SADB_EXT_IDENTITY_DST:
{
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.