
[src/trunk]: src/sbin/setkey warn that port-number does not work for gateway ...



details:   https://anonhg.NetBSD.org/src/rev/57b61b7e6644
branches:  trunk
changeset: 551535:57b61b7e6644
user:      itojun <itojun%NetBSD.org@localhost>
date:      Sun Sep 07 22:18:58 2003 +0000

description:
warn that port-number does not work for gateway config.  PR kern/22715
add reference.  bump date.

diffstat:

 sbin/setkey/parse.y  |  53 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 sbin/setkey/setkey.8 |  28 ++++++++++++++++++++++++--
 sbin/setkey/token.l  |   3 +-
 3 files changed, 79 insertions(+), 5 deletions(-)

diffs (165 lines):

diff -r c0c96301bbff -r 57b61b7e6644 sbin/setkey/parse.y
--- a/sbin/setkey/parse.y       Sun Sep 07 22:17:43 2003 +0000
+++ b/sbin/setkey/parse.y       Sun Sep 07 22:18:58 2003 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: parse.y,v 1.11 2003/07/26 15:28:24 mrg Exp $   */
+/*     $NetBSD: parse.y,v 1.12 2003/09/07 22:18:58 itojun Exp $        */
 /*     $KAME: parse.y,v 1.80 2003/06/27 07:15:45 itojun Exp $  */
 
 /*
@@ -72,6 +72,7 @@
 int setkeymsg0 __P((struct sadb_msg *, unsigned int, unsigned int, size_t));
 static int setkeymsg_spdaddr __P((unsigned int, unsigned int, vchar_t *,
        struct addrinfo *, int, struct addrinfo *, int));
+static int setkeymsg_spdaddr_tag __P((unsigned int, char *, vchar_t *));
 static int setkeymsg_addr __P((unsigned int, unsigned int,
        struct addrinfo *, struct addrinfo *, int));
 static int setkeymsg_add __P((unsigned int, unsigned int,
@@ -106,6 +107,7 @@
 %token SPDADD SPDDELETE SPDDUMP SPDFLUSH
 %token F_POLICY PL_REQUESTS
 %token F_AIFLAGS
+%token TAGGED
 
 %type <num> prefix protocol_spec upper_spec
 %type <num> ALG_ENC ALG_ENC_DESDERIV ALG_ENC_DES32IV ALG_ENC_OLD ALG_ENC_NOKEY
@@ -502,6 +504,15 @@
                        if (status < 0)
                                return -1;
                }
+       |       SPDADD TAGGED QUOTEDSTRING policy_spec EOT
+               {
+                       int status;
+
+                       status = setkeymsg_spdaddr_tag(SADB_X_SPDADD,
+                           $3.buf, &$4);
+                       if (status < 0)
+                               return -1;
+               }
        ;
 
 spddelete_command
@@ -798,6 +809,46 @@
                return 0;
 }
 
+static int
+setkeymsg_spdaddr_tag(type, tag, policy)
+       unsigned int type;
+       char *tag;
+       vchar_t *policy;
+{
+       struct sadb_msg *msg;
+       char buf[BUFSIZ];
+       int l, l0;
+       struct sadb_x_tag m_tag;
+       int n;
+
+       msg = (struct sadb_msg *)buf;
+
+       /* fix up length afterwards */
+       setkeymsg0(msg, type, SADB_SATYPE_UNSPEC, 0);
+       l = sizeof(struct sadb_msg);
+
+       memcpy(buf + l, policy->buf, policy->len);
+       l += policy->len;
+
+       l0 = l;
+       n = 0;
+
+       memset(&m_tag, 0, sizeof(m_tag));
+       m_tag.sadb_x_tag_len = PFKEY_UNIT64(sizeof(m_tag));
+       m_tag.sadb_x_tag_exttype = SADB_X_EXT_TAG;
+       if (strlcpy(m_tag.sadb_x_tag_name, tag,
+           sizeof(m_tag.sadb_x_tag_name)) >= sizeof(m_tag.sadb_x_tag_name))
+               return -1;
+       memcpy(buf + l, &m_tag, sizeof(m_tag));
+       l += sizeof(m_tag);
+
+       msg->sadb_msg_len = PFKEY_UNIT64(l);
+
+       sendkeymsg(buf, l);
+
+       return 0;
+}
+
 /* XXX NO BUFFER OVERRUN CHECK! BAD BAD! */
 static int
 setkeymsg_addr(type, satype, srcs, dsts, no_spi)
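Review bot: setkeymsg_spdaddr_tag copies policy->buf into the fixed `char buf[BUFSIZ]` without checking that the policy plus the trailing sadb_x_tag fit, so an oversized policy string overruns the stack buffer; the sibling setkeymsg_addr directly below carries the "XXX NO BUFFER OVERRUN CHECK" marker for the same pattern, and the new function should not repeat it. Before the first memcpy add `if ((size_t)l + policy->len + sizeof(m_tag) > sizeof(buf)) return -1;` (the exact cast depends on the type of vchar_t's len, which is not visible here). The locals `l0` and `n` are assigned but never read and can be dropped. The result of `sendkeymsg(buf, l)` is discarded while the function otherwise reports failure with -1; if sendkeymsg can fail, its return value should be propagated. Since `tag` is only passed to strlcpy, both this definition and the prototype added in the earlier hunk could take `const char *tag`.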
diff -r c0c96301bbff -r 57b61b7e6644 sbin/setkey/setkey.8
--- a/sbin/setkey/setkey.8      Sun Sep 07 22:17:43 2003 +0000
+++ b/sbin/setkey/setkey.8      Sun Sep 07 22:18:58 2003 +0000
@@ -1,5 +1,5 @@
-.\"    $NetBSD: setkey.8,v 1.21 2003/07/25 10:09:38 itojun Exp $
-.\"    $KAME: setkey.8,v 1.86 2003/07/25 09:53:01 itojun Exp $
+.\"    $NetBSD: setkey.8,v 1.22 2003/09/07 22:18:58 itojun Exp $
+.\"    $KAME: setkey.8,v 1.87 2003/09/07 22:16:01 itojun Exp $
 .\"
 .\" Copyright (C) 1995, 1996, 1997, 1998, and 1999 WIDE Project.
 .\" All rights reserved.
@@ -28,7 +28,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd July 25, 2003
+.Dd September 7, 2003
 .Dt SETKEY 8
 .Os
 .\"
@@ -185,6 +185,15 @@
 Add an SPD entry.
 .\"
 .It Xo
+.Li spdadd tagged
+.Ar tag Ar policy
+.Li ;
+.Xc
+Add an SPD entry based on PF tag.
+.Ar tag
+must be a string surrounded by doublequote.
+.\"
+.It Xo
 .Li spddelete
 .Op Fl 46n
 .Ar src_range Ar dst_range Ar upperspec Fl P Ar direction
@@ -642,6 +651,11 @@
 .Xr ipsec_set_policy 3 ,
 .Xr racoon 8 ,
 .Xr sysctl 8
+.Rs
+.%T "Changed manual key configuration for IPsec"
+.%O "http://www.kame.net/newsletter/19991007/";
+.%D "October 1999"
+.Re
 .\"
 .Sh HISTORY
 The
@@ -652,3 +666,11 @@
 .Sh BUGS
 .Nm
 should report and handle syntax errors better.
+.Pp
+For IPsec gateway configuration,
+.Ar src_range
+and
+.Ar dst_range
+with TCP/UDP port number do not work, as the gateway does not reassemble
+packets
+.Pq cannot inspect upper-layer headers .
diff -r c0c96301bbff -r 57b61b7e6644 sbin/setkey/token.l
--- a/sbin/setkey/token.l       Sun Sep 07 22:17:43 2003 +0000
+++ b/sbin/setkey/token.l       Sun Sep 07 22:18:58 2003 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: token.l,v 1.11 2003/07/25 10:09:38 itojun Exp $        */
+/*     $NetBSD: token.l,v 1.12 2003/09/07 22:18:58 itojun Exp $        */
 /*     $KAME: token.l,v 1.43 2003/07/25 09:35:28 itojun Exp $  */
 
 /*
@@ -106,6 +106,7 @@
 spddelete      { return(SPDDELETE); }
 spddump                { return(SPDDUMP); }
 spdflush       { return(SPDFLUSH); }
+tagged         { return(TAGGED); }
 {hyphen}P      { BEGIN S_PL; return(F_POLICY); }
 <S_PL>[a-zA-Z0-9:\.\-_/ \n\t][a-zA-Z0-9:\.%\-_/ \n\t]* {
                        yymore();


