
[src/trunk]: src/usr.sbin setkey: configure IPsec keys to the kernel key table



details:   https://anonhg.NetBSD.org/src/rev/c4a856a7f70d
branches:  trunk
changeset: 474279:c4a856a7f70d
user:      itojun <itojun%NetBSD.org@localhost>
date:      Fri Jul 02 17:41:23 1999 +0000

description:
setkey: configure IPsec keys to the kernel key table
(not subject to export control, as it does not itself contain crypto)

diffstat:

 usr.sbin/Makefile             |    4 +-
 usr.sbin/setkey/Makefile      |   39 +
 usr.sbin/setkey/parse.y       |  893 ++++++++++++++++++++++++++++++++++++++++++
 usr.sbin/setkey/sample.cf     |  103 ++++
 usr.sbin/setkey/scriptdump.pl |   53 ++
 usr.sbin/setkey/setkey.8      |  562 ++++++++++++++++++++++++++
 usr.sbin/setkey/setkey.c      |  556 ++++++++++++++++++++++++++
 usr.sbin/setkey/test-pfkey.c  |  507 +++++++++++++++++++++++
 usr.sbin/setkey/test-policy.c |  159 +++++++
 usr.sbin/setkey/token.l       |  323 +++++++++++++++
 usr.sbin/setkey/vchar.h       |   33 +
 11 files changed, 3230 insertions(+), 2 deletions(-)

diffs (truncated from 3286 to 300 lines):

diff -r a6f4fcfdf572 -r c4a856a7f70d usr.sbin/Makefile
--- a/usr.sbin/Makefile Fri Jul 02 16:55:45 1999 +0000
+++ b/usr.sbin/Makefile Fri Jul 02 17:41:23 1999 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.115 1999/07/02 11:47:12 itojun Exp $
+#      $NetBSD: Makefile,v 1.116 1999/07/02 17:41:23 itojun Exp $
 #      from: @(#)Makefile      5.20 (Berkeley) 6/12/93
 
 # XXX Temporary for NO_SENDMAIL and BUILD_POSTFIX
@@ -22,7 +22,7 @@
        zdump zic
 
 # IPv6
-SUBDIR+=gifconfig ifmcstat ndp rip6query route6d rtadvd traceroute6
+SUBDIR+=gifconfig ifmcstat ndp rip6query route6d rtadvd setkey traceroute6
 
 .if !defined(NO_SENDMAIL)
 SUBDIR+=       sendmail
diff -r a6f4fcfdf572 -r c4a856a7f70d usr.sbin/setkey/Makefile
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/usr.sbin/setkey/Makefile  Fri Jul 02 17:41:23 1999 +0000
@@ -0,0 +1,39 @@
+# $NetBSD: Makefile,v 1.1 1999/07/02 17:41:24 itojun Exp $
+
+PROG=  setkey
+SRCS=  setkey.c parse.y token.l
+LDADD+=        -ll -ly
+CLEANFILES+=   y.tab.c y.tab.h key_test.o keytest
+YFLAGS+=
+
+CPPFLAGS+=-DIPSEC_DEBUG -DYY_NO_UNPUT -DINET6
+CPPFLAGS+=-I.
+
+#SCRIPTS=      scriptdump
+
+BINOWN  = root
+BINGRP  = bin
+BINMODE = 555
+
+all: ${PROG} ${SCRIPTS}
+
+# FreeBSD
+#SRCS+=y.tab.h
+#y.tab.h: parse.y
+
+LDADD+= -lipsec
+DPADD+=        ${LIBIPSEC}
+#CLEANFILES+=  scriptdump
+
+MAN=   setkey.8
+LOCALPREFIX=   /usr/pkg
+
+#scriptdump: scriptdump.pl
+#      sed -e 's#@LOCALPREFIX@#${LOCALPREFIX}#' < ${.CURDIR}/scriptdump.pl > scriptdump
+
+parse.c parse.h: parse.y
+       ${YACC.y} -d ${.ALLSRC}
+       mv -f y.tab.c parse.c
+       mv -f y.tab.h parse.h
+
+.include <bsd.prog.mk>
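Review bot: `CPPFLAGS+=-DIPSEC_DEBUG -DYY_NO_UNPUT -DINET6` near the top of the new Makefile compiles the IPSEC_DEBUG paths into the installed setkey binary unconditionally, and this is a utility that handles raw IPsec key material on its input. What IPSEC_DEBUG switches on is not visible in this hunk; if it enables extra diagnostic output, that output may include keys, so it is safer to gate it on a build knob: `.if defined(IPSEC_DEBUG)` / `CPPFLAGS+= -DIPSEC_DEBUG` / `.endif`, keeping `-DYY_NO_UNPUT -DINET6` on the unconditional line. The `CLEANFILES` entries `key_test.o keytest` refer to targets nothing in this Makefile builds and can be dropped.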
diff -r a6f4fcfdf572 -r c4a856a7f70d usr.sbin/setkey/parse.y
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/usr.sbin/setkey/parse.y   Fri Jul 02 17:41:23 1999 +0000
@@ -0,0 +1,893 @@
+/*
+ * Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/* KAME $Id: parse.y,v 1.1 1999/07/02 17:41:24 itojun Exp $ */
+
+%{
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+
+#include <net/route.h>
+#include <netinet/in.h>
+#include <netkey/keyv2.h>
+#include <netkey/key_var.h>
+#include <netinet6/ipsec.h>
+#include <arpa/inet.h>
+
+#include <string.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <errno.h>
+
+#include "vchar.h"
+
+#define ATOX(c) \
+  (isdigit(c) ? (c - '0') : (isupper(c) ? (c - 'A' + 10) : (c - 'a' + 10) ))
+
+u_int p_type;
+u_int32_t p_spi;
+struct sockaddr *p_src, *p_dst, *p_proxy;
+u_int p_ports, p_portd, p_prefs, p_prefd, p_upper;
+u_int p_satype, p_ext, p_alg_enc, p_alg_auth, p_replay;
+u_int p_key_enc_len, p_key_auth_len;
+caddr_t p_key_enc, p_key_auth;
+time_t p_lt_hard, p_lt_soft;
+
+u_int p_policy_len;
+char *p_policy;
+
+/* temporary buffer */
+static struct sockaddr *pp_addr;
+static u_int pp_prefix = ~0;
+static u_int pp_port = 0;
+static caddr_t pp_key;
+
+extern u_char m_buf[BUFSIZ];
+extern int m_len;
+extern char cmdarg[8192];
+extern int f_debug;
+
+int setkeymsg __P((void));
+static int setvarbuf __P((int *, struct sadb_ext *, int, caddr_t, int));
+void parse_init __P((void));
+void free_buffer __P((void));
+
+extern int setkeymsg __P((void));
+extern int sendkeymsg __P((void));
+
+extern int yylex __P((void));
+extern void yyerror __P((char *));
+%}
+
+%union {
+       unsigned long num;
+       vchar_t val;
+}
+
+%token EOT
+%token ADD GET DELETE FLUSH DUMP
+%token IP4_ADDRESS IP6_ADDRESS PREFIX PORT HOSTNAME
+%token UP_PROTO PR_ESP PR_AH PR_IPCOMP
+%token DECSTRING QUOTEDSTRING HEXSTRING
+%token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI
+%token ALG_AUTH ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_COMP EXTENSION
+%token F_LIFETIME_HARD F_LIFETIME_SOFT
+       /* SPD management */
+%token SPDADD SPDDELETE SPDDUMP SPDFLUSH
+%token F_POLICY PL_REQUESTS
+
+%%
+commands:
+               /* empty */
+       |       commands command
+               {
+                       if (f_debug) {
+                               printf("cmdarg:\n%s\n", cmdarg);
+                       } else {
+                               setkeymsg();
+                               sendkeymsg();
+                       }
+                       free_buffer();
+                       parse_init();
+               }
+       ;
+
+command:
+               add_command
+       |       get_command
+       |       delete_command
+       |       flush_command
+       |       dump_command
+       |       spdadd_command
+       |       spddelete_command
+       |       spddump_command
+       |       spdflush_command
+       ;
+       /* commands concerned with management, there is in tail of this file. */
+
+       /* add command */
+add_command:
+               ADD
+               {
+                       p_type = yylval.num;
+               }
+               selector_spec protocol_spec lifetime_hard lifetime_soft EOT
+       ;
+
+       /* delete */
+delete_command:
+               DELETE
+               {
+                       p_type = yylval.num;
+               }
+               selector_spec protocol_spec0 EOT
+       ;
+
+       /* get command */
+get_command:
+               GET
+               {
+                       p_type = yylval.num;
+               }
+               selector_spec protocol_spec0 EOT
+       ;
+
+       /* flush */
+flush_command:
+               FLUSH
+               {
+                       p_type = yylval.num;
+               }
+               protocol_spec0 EOT
+       ;
+
+       /* dump */
+dump_command:
+               DUMP
+               {
+                       p_type = yylval.num;
+               }
+               protocol_spec0 EOT
+       ;
+
+       /* selector_spec */
+selector_spec:
+               src_spec dst_spec upper_spec spi proxy_spec
+       ;
+
+src_spec:
+               ip_address
+               {
+                       p_src = pp_addr;
+               }
+               prefix
+               {
+                       p_prefs = pp_prefix;
+                       /* initialize */
+                       pp_prefix = ~0;
+               }
+               port
+               {
+                       _INPORTBYSA(p_src) = pp_port;
+                       p_ports = pp_port;
+
+                       /* initialize */
+                       pp_port = 0;
+               }
+       ;
+
+dst_spec:
+               ip_address
+               {
+                       p_dst = pp_addr;
+               }
+               prefix
+               {
+                       p_prefd = pp_prefix;
+                       /* initialize */
+                       pp_prefix = ~0;
+               }
+               port
+               {
+                       _INPORTBYSA(p_dst) = pp_port;
+                       p_portd = pp_port;
+
+                       /* initialize */
+                       pp_port = 0;
+               }
+       ;
+
+upper_spec:
+               DECSTRING { p_upper = $1.num; }
+       |       UP_PROTO { p_upper = $1.num; }
+       |       PR_ESP { p_upper = IPPROTO_ESP; };
+       |       PR_AH { p_upper = IPPROTO_AH; };
+       |       PR_IPCOMP { p_upper = IPPROTO_IPCOMP; };
+       ;
+
+spi:



Home | Main Index | Thread Index | Old Index