CVS commit: [netbsd-8] src

["Martin Husemann" <martin%netbsd.org@localhost>]

Module Name:    src
Committed By:   martin
Date:           Thu Jul 25 08:58:21 UTC 2019

Modified Files:
        src/crypto/dist/ipsec-tools/src/setkey [netbsd-8]: parse.y token.l
        src/sys/netipsec [netbsd-8]: key.c
        src/tests/net/ipsec [netbsd-8]: t_ipsec_misc.sh

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #1306):

        crypto/dist/ipsec-tools/src/setkey/parse.y: revision 1.23
        sys/netipsec/key.c: revision 1.265
        crypto/dist/ipsec-tools/src/setkey/token.l: revision 1.23
        tests/net/ipsec/t_ipsec_misc.sh: revision 1.23

ipsec: fix a regression of the update API

The update API updates an SA by creating a new SA and removing an existing SA.
The previous change removed a newly added SA wrongly if an existing SA had been
created by the getspi API.

setkey: enable to use the getspi API

If a specified SPI is not zero, tell the kernel to use the SPI by using
SADB_EXT_SPIRANGE.  Otherwise, the kernel picks a random SPI.

It enables to mimic racoon.

tests: add tests for getspi and udpate


To generate a diff of this commit:
cvs rdiff -u -r1.18.4.1 -r1.18.4.2 \
    src/crypto/dist/ipsec-tools/src/setkey/parse.y
cvs rdiff -u -r1.19.8.1 -r1.19.8.2 \
    src/crypto/dist/ipsec-tools/src/setkey/token.l
cvs rdiff -u -r1.163.2.11 -r1.163.2.12 src/sys/netipsec/key.c
cvs rdiff -u -r1.6.2.3 -r1.6.2.4 src/tests/net/ipsec/t_ipsec_misc.sh

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.