Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/crypto/dist/ipsec-tools/src/setkey setkey: enable to use the...



details:   https://anonhg.NetBSD.org/src/rev/f2cbb2001adb
branches:  trunk
changeset: 1000332:f2cbb2001adb
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Tue Jul 23 04:30:32 2019 +0000

description:
setkey: enable to use the getspi API

If a specified SPI is not zero, tell the kernel to use the SPI by using
SADB_EXT_SPIRANGE.  Otherwise, the kernel picks a random SPI.

It enables to mimic racoon.

diffstat:

 crypto/dist/ipsec-tools/src/setkey/parse.y |  31 ++++++++++++++++++++++++++++-
 crypto/dist/ipsec-tools/src/setkey/token.l |   3 +-
 2 files changed, 31 insertions(+), 3 deletions(-)

diffs (83 lines):

diff -r 168fa3458dcb -r f2cbb2001adb crypto/dist/ipsec-tools/src/setkey/parse.y
--- a/crypto/dist/ipsec-tools/src/setkey/parse.y        Tue Jul 23 04:29:26 2019 +0000
+++ b/crypto/dist/ipsec-tools/src/setkey/parse.y        Tue Jul 23 04:30:32 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: parse.y,v 1.22 2018/10/14 08:27:39 maxv Exp $  */
+/*     $NetBSD: parse.y,v 1.23 2019/07/23 04:30:32 ozaki-r Exp $       */
 /*     $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $  */
 
 /*
@@ -114,7 +114,7 @@
 }
 
 %token EOT SLASH BLCL ELCL
-%token ADD UPDATE GET DELETE DELETEALL FLUSH DUMP EXIT
+%token ADD UPDATE GET GETSPI DELETE DELETEALL FLUSH DUMP EXIT
 %token PR_ESP PR_AH PR_IPCOMP PR_ESPUDP PR_TCP
 %token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI
 %token F_MODE MODE F_REQID
@@ -161,6 +161,7 @@
        :       add_command
        |       update_command
        |       get_command
+       |       getspi_command
        |       delete_command
        |       deleteall_command
        |       flush_command
@@ -260,6 +261,17 @@
                }
        ;
 
+       /* getspi command */
+getspi_command
+       :       GETSPI ipaddropts ipandport ipandport protocol_spec spi extension_spec EOT
+               {
+                       int status;
+
+                       status = setkeymsg_add(SADB_GETSPI, $5, $3, $4);
+                       if (status < 0)
+                               return -1;
+               }
+
        /* flush */
 flush_command
        :       FLUSH protocol_spec EOT
@@ -1389,6 +1401,21 @@
        }
 #endif
 
+       /* SPI == 0 allows the kernel to pick a random SPI */
+       if (type == SADB_GETSPI && p_spi != 0) {
+               struct sadb_spirange spirange;
+               u_int slen = sizeof(struct sadb_spirange);
+
+               memset(&spirange, 0, sizeof(spirange));
+               spirange.sadb_spirange_len = PFKEY_UNIT64(slen);
+               spirange.sadb_spirange_exttype = SADB_EXT_SPIRANGE;
+               spirange.sadb_spirange_min = p_spi;
+               spirange.sadb_spirange_max = p_spi;
+
+               memcpy(buf + l, &spirange, slen);
+               l += slen;
+       }
+
        len = sizeof(struct sadb_sa);
        m_sa.sadb_sa_len = PFKEY_UNIT64(len);
        m_sa.sadb_sa_exttype = SADB_EXT_SA;
diff -r 168fa3458dcb -r f2cbb2001adb crypto/dist/ipsec-tools/src/setkey/token.l
--- a/crypto/dist/ipsec-tools/src/setkey/token.l        Tue Jul 23 04:29:26 2019 +0000
+++ b/crypto/dist/ipsec-tools/src/setkey/token.l        Tue Jul 23 04:30:32 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: token.l,v 1.22 2018/10/14 08:27:39 maxv Exp $  */
+/*     $NetBSD: token.l,v 1.23 2019/07/23 04:30:32 ozaki-r Exp $       */
 /*     $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $  */
 
 /*
@@ -119,6 +119,7 @@
 delete         { return(DELETE); }
 deleteall      { return(DELETEALL); }
 get            { return(GET); }
+getspi         { return(GETSPI); }
 flush          { return(FLUSH); }
 dump           { return(DUMP); }
 exit           { return(EXIT); }



Home | Main Index | Thread Index | Old Index