[src/netbsd-3]: src/crypto/dist/ipsec-tools/src Pull up revision 1.2 (request...
details: https://anonhg.NetBSD.org/src/rev/020dfb070218
branches: netbsd-3
changeset: 575321:020dfb070218
user: tron <tron%NetBSD.org@localhost>
date: Tue Apr 12 09:29:41 2005 +0000
description:
Pull up revision 1.2 (requested by manu in ticket #132):
Resurrect TCP-MD5 support. This fixes bin/29915
diffstat:
crypto/dist/ipsec-tools/src/libipsec/pfkey.c | 29 +++++++++++++++++++++-
crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c | 7 ++++-
crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c | 8 +++++-
crypto/dist/ipsec-tools/src/setkey/parse.y | 17 +++++++++++--
crypto/dist/ipsec-tools/src/setkey/setkey.8 | 8 +++++-
crypto/dist/ipsec-tools/src/setkey/token.l | 7 ++++-
6 files changed, 67 insertions(+), 9 deletions(-)
diffs (235 lines):
diff -r 46af6a8c6381 -r 020dfb070218 crypto/dist/ipsec-tools/src/libipsec/pfkey.c
--- a/crypto/dist/ipsec-tools/src/libipsec/pfkey.c Sun Apr 10 22:23:33 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/libipsec/pfkey.c Tue Apr 12 09:29:41 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pfkey.c,v 1.1.1.2 2005/02/23 14:54:09 manu Exp $ */
+/* $NetBSD: pfkey.c,v 1.1.1.2.2.1 2005/04/12 09:29:41 tron Exp $ */
/* $KAME: pfkey.c,v 1.47 2003/10/02 19:52:12 itojun Exp $ */
@@ -95,12 +95,19 @@
/*
* make and search supported algorithm structure.
*/
-static struct sadb_supported *ipsec_supported[] = { NULL, NULL, NULL, };
+static struct sadb_supported *ipsec_supported[] = { NULL, NULL, NULL,
+#ifdef SADB_X_SATYPE_TCPSIGNATURE
+ NULL,
+#endif
+};
static int supported_map[] = {
SADB_SATYPE_AH,
SADB_SATYPE_ESP,
SADB_X_SATYPE_IPCOMP,
+#ifdef SADB_X_SATYPE_TCPSIGNATURE
+ SADB_X_SATYPE_TCPSIGNATURE,
+#endif
};
static int
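Review bot: `ipsec_supported[]` and `supported_map[]` are each extended under their own `#ifdef SADB_X_SATYPE_TCPSIGNATURE`, and nothing on the new side ties their lengths together. The lookup code is outside this hunk, but if it uses a position found in `supported_map` to address `ipsec_supported`, a later edit that touches only one table would index past the end of the other. I would add a comment above the pair, `/* ipsec_supported[i] holds the algorithms for supported_map[i]; keep both tables the same length */`, and consider a compile-time size check next to it.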
@@ -1262,6 +1269,18 @@
return -1;
}
break;
+#ifdef SADB_X_AALG_TCP_MD5
+ case SADB_X_SATYPE_TCPSIGNATURE:
+ if (e_type != SADB_EALG_NONE) {
+ __ipsec_errcode = EIPSEC_INVAL_ALGS;
+ return -1;
+ }
+ if (a_type != SADB_X_AALG_TCP_MD5) {
+ __ipsec_errcode = EIPSEC_INVAL_ALGS;
+ return -1;
+ }
+ break;
+#endif
default:
__ipsec_errcode = EIPSEC_INVAL_SATYPE;
return -1;
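Review bot: The new `case SADB_X_SATYPE_TCPSIGNATURE:` is guarded by `#ifdef SADB_X_AALG_TCP_MD5`, while the other hunks in this file guard the same constant with `#ifdef SADB_X_SATYPE_TCPSIGNATURE`. With headers that define only one of the two macros, this either fails to compile or sends TCP signature SAs to `default:`, where they are rejected with `EIPSEC_INVAL_SATYPE` even though the later switches accept the type. Guarding with both, `#if defined(SADB_X_SATYPE_TCPSIGNATURE) && defined(SADB_X_AALG_TCP_MD5)`, keeps the algorithm check consistent with the rest of the change. The two tests set the same error code and could be one condition, `if (e_type != SADB_EALG_NONE || a_type != SADB_X_AALG_TCP_MD5)`. The enclosing function starts and ends outside the hunk.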
@@ -1545,6 +1564,9 @@
case SADB_SATYPE_AH:
case SADB_SATYPE_ESP:
case SADB_X_SATYPE_IPCOMP:
+#ifdef SADB_X_SATYPE_TCPSIGNATURE
+ case SADB_X_SATYPE_TCPSIGNATURE:
+#endif
break;
default:
__ipsec_errcode = EIPSEC_INVAL_SATYPE;
@@ -2016,6 +2038,9 @@
case SADB_SATYPE_ESP:
case SADB_SATYPE_AH:
case SADB_X_SATYPE_IPCOMP:
+#ifdef SADB_X_SATYPE_TCPSIGNATURE
+ case SADB_X_SATYPE_TCPSIGNATURE:
+#endif
switch (msg->sadb_msg_type) {
case SADB_X_SPDADD:
case SADB_X_SPDDELETE:
diff -r 46af6a8c6381 -r 020dfb070218 crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c
--- a/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c Sun Apr 10 22:23:33 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c Tue Apr 12 09:29:41 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: pfkey_dump.c,v 1.1.1.2 2005/02/23 14:54:09 manu Exp $ */
+/* $NetBSD: pfkey_dump.c,v 1.1.1.2.2.1 2005/04/12 09:29:41 tron Exp $ */
/* $KAME: pfkey_dump.c,v 1.45 2003/09/08 10:14:56 itojun Exp $ */
@@ -130,6 +130,8 @@
"ripv2",
"mip",
"ipcomp",
+ "policy",
+ "tcp",
};
static char *str_mode[] = {
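Review bot: `"policy"` and `"tcp"` are appended unconditionally and without a comment, although every other TCP-MD5 addition in this commit sits under an `#ifdef`. The table's name and its lookup are outside the hunk; it looks positional, with `"policy"` present only so that `"tcp"` lands on the right index. If so, that dependency on the numeric SA type values deserves a comment, for example `/* indexed by SADB_SATYPE_* value; "policy" fills the slot before the TCP signature type */`. It is also worth confirming that the lookup bounds-checks the SA type against the table size, because the value comes from a PF_KEY message.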
@@ -152,6 +154,9 @@
{ SADB_X_AALG_MD5, "md5", },
{ SADB_X_AALG_SHA, "sha", },
{ SADB_X_AALG_NULL, "null", },
+#ifdef SADB_X_AALG_TCP_MD5
+ { SADB_X_AALG_TCP_MD5, "tcp-md5", },
+#endif
#ifdef SADB_X_AALG_SHA2_256
{ SADB_X_AALG_SHA2_256, "hmac-sha2-256", },
#endif
diff -r 46af6a8c6381 -r 020dfb070218 crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c
--- a/crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c Sun Apr 10 22:23:33 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c Tue Apr 12 09:29:41 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_agg.c,v 1.1.1.2 2005/02/23 14:54:18 manu Exp $ */
+/* $NetBSD: isakmp_agg.c,v 1.1.1.2.2.1 2005/04/12 09:29:41 tron Exp $ */
/* Id: isakmp_agg.c,v 1.20 2005/01/29 16:34:25 vanhu Exp */
@@ -302,6 +302,12 @@
for (i = 0; i < MAX_NATT_VID_COUNT && vid_natt[i] != NULL; i++)
vfree(vid_natt[i]);
#endif
+#ifdef ENABLE_HYBRID
+ if (vid_xauth != NULL)
+ vfree(vid_xauth);
+ if (vid_unity != NULL)
+ vfree(vid_unity);
+#endif
#ifdef ENABLE_DPD
if (vid_dpd != NULL)
vfree(vid_dpd);
diff -r 46af6a8c6381 -r 020dfb070218 crypto/dist/ipsec-tools/src/setkey/parse.y
--- a/crypto/dist/ipsec-tools/src/setkey/parse.y Sun Apr 10 22:23:33 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/setkey/parse.y Tue Apr 12 09:29:41 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: parse.y,v 1.1.1.2 2005/02/23 14:54:39 manu Exp $ */
+/* $NetBSD: parse.y,v 1.1.1.2.2.1 2005/04/12 09:29:41 tron Exp $ */
/* $KAME: parse.y,v 1.81 2003/07/01 04:01:48 itojun Exp $ */
@@ -122,7 +122,7 @@
%token EOT SLASH BLCL ELCL
%token ADD GET DELETE DELETEALL FLUSH DUMP EXIT
-%token PR_ESP PR_AH PR_IPCOMP PR_ESPUDP
+%token PR_ESP PR_AH PR_IPCOMP PR_ESPUDP PR_TCP
%token F_PROTOCOL F_AUTH F_ENC F_REPLAY F_COMP F_RAWCPI
%token F_MODE MODE F_REQID
%token F_EXT EXTENSION NOCYCLICSEQ
@@ -142,7 +142,7 @@
%type <num> ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_ENC_OLD ALG_ENC_NOKEY
%type <num> ALG_AUTH ALG_AUTH_NOKEY
%type <num> ALG_COMP
-%type <num> PR_ESP PR_AH PR_IPCOMP PR_ESPUDP
+%type <num> PR_ESP PR_AH PR_IPCOMP PR_ESPUDP PR_TCP
%type <num> EXTENSION MODE
%type <ulnum> DECSTRING
%type <val> PL_REQUESTS portstr key_string
@@ -294,6 +294,12 @@
p_natt_oa = $2;
p_natt_type = UDP_ENCAP_ESPINUDP;
}
+ | PR_TCP
+ {
+#ifdef SADB_X_SATYPE_TCPSIGNATURE
+ $$ = SADB_X_SATYPE_TCPSIGNATURE;
+#endif
+ }
;
spi
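Review bot: When `SADB_X_SATYPE_TCPSIGNATURE` is not defined, the new `PR_TCP` action is empty and never assigns `$$`, so the rule yields whatever value the parser leaves there instead of rejecting the input. The same applies to the `PR_TCP` alternative added to `upper_spec` in the next hunk. The token.l change means the token should not arrive in that configuration, but the grammar should not rely on that. An `#else` branch that fails explicitly, such as `yyerror("TCP-MD5 is not supported"); YYABORT;`, would make the behaviour defined. In `upper_spec` the guard looks unnecessary, since `IPPROTO_TCP` does not depend on the SADB macro.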
@@ -759,6 +765,11 @@
upper_spec
: DECSTRING { $$ = $1; }
| ANY { $$ = IPSEC_ULPROTO_ANY; }
+ | PR_TCP {
+#ifdef SADB_X_SATYPE_TCPSIGNATURE
+ $$ = IPPROTO_TCP;
+#endif
+ }
| STRING
{
struct protoent *ent;
diff -r 46af6a8c6381 -r 020dfb070218 crypto/dist/ipsec-tools/src/setkey/setkey.8
--- a/crypto/dist/ipsec-tools/src/setkey/setkey.8 Sun Apr 10 22:23:33 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/setkey/setkey.8 Tue Apr 12 09:29:41 2005 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: setkey.8,v 1.1.1.2 2005/02/23 14:54:39 manu Exp $
+.\" $NetBSD: setkey.8,v 1.1.1.2.2.1 2005/04/12 09:29:41 tron Exp $
.\"
.\" $KAME: setkey.8,v 1.93 2003/09/24 23:44:46 itojun Exp $
.\"
@@ -288,6 +288,8 @@
AH based on rfc1826
.It Li ipcomp
IPComp
+.It Li tcp
+TCP-MD5 based on rfc2385
.El
.\"
.Pp
@@ -301,6 +303,8 @@
prefix.
SPI values between 0 and 255 are reserved for future use by IANA
and they cannot be used.
+TCP-MD5 associations must use 0x1000 and therefore only have per-host
+granularity at this time.
.\"
.Pp
.It Ar extensions
@@ -664,6 +668,7 @@
ah-old: 128bit ICV (no document)
aes-xcbc-mac 128 ah: 96bit ICV (RFC3566)
128 ah-old: 128bit ICV (no document)
+tcp-md5 8 to 640 tcp: rfc2385
.Ed
.Pp
Followings are the list of encryption algorithms that can be used as
@@ -748,6 +753,7 @@
spdadd 10.0.11.41/32[21] 10.0.11.33/32[any] any
-P out ipsec esp/tunnel/192.168.0.1-192.168.1.2/require ;
+add 10.1.10.34 10.1.10.36 tcp 0x1000 -A tcp-md5 "TCP-MD5 BGP secret" ;
.Ed
.\"
.Sh SEE ALSO
diff -r 46af6a8c6381 -r 020dfb070218 crypto/dist/ipsec-tools/src/setkey/token.l
--- a/crypto/dist/ipsec-tools/src/setkey/token.l Sun Apr 10 22:23:33 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/setkey/token.l Tue Apr 12 09:29:41 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: token.l,v 1.1.1.2 2005/02/23 14:54:40 manu Exp $ */
+/* $NetBSD: token.l,v 1.1.1.2.2.1 2005/04/12 09:29:41 tron Exp $ */
/* $KAME: token.l,v 1.44 2003/10/21 07:20:58 itojun Exp $ */
@@ -177,6 +177,11 @@
esp-old { yylval.num = 1; return(PR_ESP); }
esp-udp { yylval.num = 0; return(PR_ESPUDP); }
ipcomp { yylval.num = 0; return(PR_IPCOMP); }
+tcp {
+#ifdef SADB_X_SATYPE_TCPSIGNATURE
+ yylval.num = 0; return(PR_TCP);
+#endif
+ }
/* authentication alogorithm */
{hyphen}A { BEGIN S_AUTHALG; return(F_AUTH); }
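Review bot: With `SADB_X_SATYPE_TCPSIGNATURE` undefined, the action for `tcp` is an empty block, so the scanner consumes the word and returns no token. The word `tcp` then silently disappears from the input, including where it names an upper-layer protocol in a policy line. Before this change that input presumably reached the generic string rule, which is not visible in this hunk. The later parse error would point at the wrong token, or a policy could be read with a field shifted. I would add an `#else` branch that hands the text to the parser the same way the generic string rule does, so that builds without TCP signature support keep their previous behaviour.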