[src/trunk]: src/sys allow userland to specify SPD ID. more readable debuggi...
details: https://anonhg.NetBSD.org/src/rev/99c7905fe344
branches: trunk
changeset: 550820:99c7905fe344
user: itojun <itojun%NetBSD.org@localhost>
date: Fri Aug 22 06:22:21 2003 +0000
description:
allow userland to specify SPD ID. more readable debugging messages.
diffstat:
sys/netinet6/ipsec.c | 10 ++--
sys/netinet6/ipsec.h | 7 ++-
sys/netkey/key.c | 54 +++++++++++++++++++-----
sys/netkey/key.h | 6 +-
sys/netkey/key_debug.c | 107 +++++++++++++++++++++++++++++++++++++++++++++---
sys/netkey/keydb.c | 57 ++++++++++++++-----------
sys/netkey/keydb.h | 5 +-
7 files changed, 192 insertions(+), 54 deletions(-)
diffs (truncated from 478 to 300 lines):
diff -r 52f79295ac05 -r 99c7905fe344 sys/netinet6/ipsec.c
--- a/sys/netinet6/ipsec.c Fri Aug 22 06:21:09 2003 +0000
+++ b/sys/netinet6/ipsec.c Fri Aug 22 06:22:21 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.c,v 1.71 2003/07/22 11:18:26 itojun Exp $ */
+/* $NetBSD: ipsec.c,v 1.72 2003/08/22 06:22:21 itojun Exp $ */
/* $KAME: ipsec.c,v 1.136 2002/05/19 00:36:39 itojun Exp $ */
/*
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.71 2003/07/22 11:18:26 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ipsec.c,v 1.72 2003/08/22 06:22:21 itojun Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -1102,9 +1102,9 @@
panic("ipsec_init_pcbpolicy: NULL pointer was passed.");
if (!initialized) {
- if ((in = key_newsp()) == NULL)
+ if ((in = key_newsp(0)) == NULL)
return ENOBUFS;
- if ((out = key_newsp()) == NULL) {
+ if ((out = key_newsp(0)) == NULL) {
key_freesp(in);
in = NULL;
return ENOBUFS;
@@ -1210,7 +1210,7 @@
struct ipsecrequest *r;
struct secpolicy *dst;
- dst = key_newsp();
+ dst = key_newsp(0);
if (src == NULL || dst == NULL)
return NULL;
diff -r 52f79295ac05 -r 99c7905fe344 sys/netinet6/ipsec.h
--- a/sys/netinet6/ipsec.h Fri Aug 22 06:21:09 2003 +0000
+++ b/sys/netinet6/ipsec.h Fri Aug 22 06:22:21 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec.h,v 1.33 2003/07/23 00:27:25 itojun Exp $ */
+/* $NetBSD: ipsec.h,v 1.34 2003/08/22 06:22:23 itojun Exp $ */
/* $KAME: ipsec.h,v 1.51 2001/08/05 04:52:58 itojun Exp $ */
/*
@@ -77,6 +77,11 @@
int refcnt; /* reference count */
struct secpolicyindex *spidx; /* selector - NULL if not valid */
u_int32_t id; /* It's unique number on the system. */
+#define IPSEC_MANUAL_POLICYID_MAX 0x3fff
+ /*
+ * 1 - 0x3fff are reserved for user operation.
+ * 0 are reserved. Others are for kernel use.
+ */
u_int state; /* 0: dead, others: alive */
#define IPSEC_SPSTATE_DEAD 0
#define IPSEC_SPSTATE_ALIVE 1
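Review bot: The comment added under IPSEC_MANUAL_POLICYID_MAX is hard to parse ("0 are reserved") and is separated by the macro from the `id` field it qualifies; suggest replacing it with `/* id: 0 is reserved, 1..IPSEC_MANUAL_POLICYID_MAX may be chosen by userland, larger values are assigned by the kernel */`. Since this header is shared with userland, the constant belongs here, but the comment should also state whether an out-of-range request is rejected or silently replaced by a kernel-chosen id, as key_newsp() in this commit does the latter, so that userland authors know what to expect.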
diff -r 52f79295ac05 -r 99c7905fe344 sys/netkey/key.c
--- a/sys/netkey/key.c Fri Aug 22 06:21:09 2003 +0000
+++ b/sys/netkey/key.c Fri Aug 22 06:22:21 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: key.c,v 1.88 2003/08/22 05:48:27 itojun Exp $ */
+/* $NetBSD: key.c,v 1.89 2003/08/22 06:22:24 itojun Exp $ */
/* $KAME: key.c,v 1.299 2003/07/25 08:48:05 sakane Exp $ */
/*
@@ -35,7 +35,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.88 2003/08/22 05:48:27 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key.c,v 1.89 2003/08/22 06:22:24 itojun Exp $");
#include "opt_inet.h"
#include "opt_ipsec.h"
@@ -965,14 +965,41 @@
}
struct secpolicy *
-key_newsp()
+key_newsp(id)
+ u_int32_t id;
{
- struct secpolicy *newsp = NULL;
+ struct secpolicy *newsp = NULL, *sp;
+ u_int32_t newid;
+
+ if (id > IPSEC_MANUAL_POLICYID_MAX) {
+ ipseclog((LOG_DEBUG,
+ "key_newsp: policy_id=%u range "
+ "violation, updated by kernel.\n", id));
+ id = 0;
+ }
+
+ if (id == 0) {
+ if ((newid = keydb_newspid()) == 0) {
+ ipseclog((LOG_DEBUG,
+ "key_newsp: new policy_id allocation failed."));
+ return NULL;
+ }
+ } else {
+ sp = key_getspbyid(id);
+ if (sp != NULL) {
+ ipseclog((LOG_DEBUG,
+ "key_newsp: policy_id(%u) has been used.\n", id));
+ key_freesp(sp);
+ return NULL;
+ }
+ newid = id;
+ }
newsp = keydb_newsecpolicy();
if (!newsp)
return newsp;
+ newsp->id = newid;
newsp->refcnt = 1;
newsp->req = NULL;
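Review bot: The debug message `"key_newsp: new policy_id allocation failed."` lacks the trailing `\n` that the other two ipseclog() calls in this function carry, so the next log line will be glued onto it; change it to `"key_newsp: new policy_id allocation failed.\n"`. The three NULL returns (keydb_newsecpolicy() failure, keydb_newspid() returning 0, and a userland-chosen id already in use) are indistinguishable to the caller, which deserves a header comment such as `/* returns NULL on allocation failure or when id is already in use; an id above IPSEC_MANUAL_POLICYID_MAX is silently replaced by a kernel-chosen one */`. Whether keydb_newspid() only hands out values above IPSEC_MANUAL_POLICYID_MAX cannot be verified here (keydb.c is not in this excerpt), but the user/kernel id split relies on it. key_newsp continues past the end of the hunk.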
@@ -1003,7 +1030,7 @@
return NULL;
}
- if ((newsp = key_newsp()) == NULL) {
+ if ((newsp = key_newsp(xpl0->sadb_x_policy_id)) == NULL) {
*error = ENOBUFS;
return NULL;
}
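Review bot: `*error = ENOBUFS` now also covers the case where key_newsp() refuses a userland-supplied sadb_x_policy_id because it is already in use, so an id collision is reported to the PF_KEY caller as an out-of-memory condition rather than as EEXIST or EINVAL. If key_newsp() is not going to grow an error out-parameter, a comment on this line, `/* ENOBUFS also covers a policy_id already in use; key_newsp() logs the reason */`, at least stops the next reader from debugging the wrong failure. The enclosing function begins and ends outside the hunk.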
@@ -1562,14 +1589,14 @@
for (isr = newsp->req; isr; isr = isr->next) {
struct sockaddr *sa;
- if (isr->saidx.src.ss_family) {
+ if (isr->saidx.src.ss_family && src0) {
sa = (struct sockaddr *)(src0 + 1);
if (sa->sa_family != isr->saidx.src.ss_family) {
keydb_delsecpolicy(newsp);
return key_senderror(so, m, EINVAL);
}
}
- if (isr->saidx.dst.ss_family) {
+ if (isr->saidx.dst.ss_family && dst0) {
sa = (struct sockaddr *)(dst0 + 1);
if (sa->sa_family != isr->saidx.dst.ss_family) {
keydb_delsecpolicy(newsp);
@@ -1588,7 +1615,8 @@
LIST_INSERT_TAIL(&sptree[newsp->dir], newsp, secpolicy, chain);
/* delete the entry in spacqtree */
- if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE) {
+ if (mhp->msg->sadb_msg_type == SADB_X_SPDUPDATE &&
+ mhp->ext[SADB_EXT_ADDRESS_SRC]) {
struct secspacq *spacq;
if ((spacq = key_getspacq(&spidx)) != NULL) {
/* reset counter in order to deletion by timehandler. */
@@ -1925,6 +1953,10 @@
panic("key_spdacquire: called but there is request.");
if (sp->policy != IPSEC_POLICY_IPSEC)
panic("key_spdacquire: policy mismathed. IPsec is expected.");
+ if (!sp->spidx) {
+ error = EOPNOTSUPP;
+ goto fail;
+ }
#ifndef IPSEC_NONBLOCK_ACQUIRE
/* get an entry to check whether sent message or not. */
@@ -5788,7 +5820,7 @@
bcopy(saidx, &newacq->saidx, sizeof(newacq->saidx));
newacq->seq = (acq_seq == ~0 ? 1 : ++acq_seq);
newacq->created = time.tv_sec;
- newacq->count = 0;
+ newacq->count = 1;
return newacq;
}
@@ -7045,7 +7077,7 @@
/* system default */
#ifdef INET
- ip4_def_policy = key_newsp();
+ ip4_def_policy = key_newsp(0);
if (!ip4_def_policy)
panic("could not initialize IPv4 default security policy");
ip4_def_policy->state = IPSEC_SPSTATE_ALIVE;
@@ -7054,7 +7086,7 @@
ip4_def_policy->readonly = 1;
#endif
#ifdef INET6
- ip6_def_policy = key_newsp();
+ ip6_def_policy = key_newsp(0);
if (!ip6_def_policy)
panic("could not initialize IPv6 default security policy");
ip6_def_policy->state = IPSEC_SPSTATE_ALIVE;
diff -r 52f79295ac05 -r 99c7905fe344 sys/netkey/key.h
--- a/sys/netkey/key.h Fri Aug 22 06:21:09 2003 +0000
+++ b/sys/netkey/key.h Fri Aug 22 06:22:21 2003 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: key.h,v 1.13 2003/08/22 05:48:28 itojun Exp $ */
-/* $KAME: key.h,v 1.19 2000/10/05 04:02:58 itojun Exp $ */
+/* $NetBSD: key.h,v 1.14 2003/08/22 06:22:26 itojun Exp $ */
+/* $KAME: key.h,v 1.28 2003/06/29 07:00:54 sakane Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -53,7 +53,7 @@
u_int, u_int32_t));
extern void key_freesp __P((struct secpolicy *));
extern void key_freesav __P((struct secasvar *));
-extern struct secpolicy *key_newsp __P((void));
+extern struct secpolicy *key_newsp __P((u_int32_t));
extern struct secpolicy *key_msg2sp __P((struct sadb_x_policy *,
size_t, int *));
extern struct mbuf *key_sp2msg __P((struct secpolicy *));
diff -r 52f79295ac05 -r 99c7905fe344 sys/netkey/key_debug.c
--- a/sys/netkey/key_debug.c Fri Aug 22 06:21:09 2003 +0000
+++ b/sys/netkey/key_debug.c Fri Aug 22 06:22:21 2003 +0000
@@ -1,5 +1,5 @@
-/* $NetBSD: key_debug.c,v 1.25 2003/08/22 05:48:28 itojun Exp $ */
-/* $KAME: key_debug.c,v 1.29 2001/08/16 14:25:41 itojun Exp $ */
+/* $NetBSD: key_debug.c,v 1.26 2003/08/22 06:22:26 itojun Exp $ */
+/* $KAME: key_debug.c,v 1.36 2003/06/27 06:46:01 itojun Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -31,7 +31,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: key_debug.c,v 1.25 2003/08/22 05:48:28 itojun Exp $");
+__KERNEL_RCSID(0, "$NetBSD: key_debug.c,v 1.26 2003/08/22 06:22:26 itojun Exp $");
#ifdef _KERNEL
#include "opt_inet.h"
@@ -58,6 +58,15 @@
#include <stdlib.h>
#endif /* !_KERNEL */
+struct typestr {
+ const char *string;
+ u_int type;
+};
+#define TYPESTR(x) { "SADB_" #x, SADB_ ## x }
+
+static const char *kdebug_typestr __P((u_int, const struct typestr *));
+static const char *kdebug_sadb_msg_typestr __P((u_int));
+static const char *kdebug_sadb_ext_typestr __P((u_int));
static void kdebug_sadb_prop __P((struct sadb_ext *));
static void kdebug_sadb_identity __P((struct sadb_ext *));
static void kdebug_sadb_supported __P((struct sadb_ext *));
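Review bot: The new kdebug_typestr() prototype gives no hint that the pointer it returns may point into a static buffer (its definition, which starts in the following hunk, falls back to `snprintf` into a `static char buf[32]` for an unknown type), so two calls in the same printf argument list would clobber each other; a comment on the declaration, `/* returns a string literal, or a pointer to a static buffer that the next call for an unknown type overwrites */`, would make the one-call-per-statement contract visible. The definition hunk itself runs past the end of this excerpt, so its remaining lines could not be reviewed.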
@@ -75,6 +84,88 @@
#define panic(param) { printf(param); exit(1); }
#endif
+static const char *
+kdebug_typestr(type, list)
+ u_int type;
+ const struct typestr *list;
+{
+ static char buf[32];
+
+ while (list->string != NULL) {
+ if (type == list->type)
+ return (list->string);
+ list++;
+ }
+ snprintf(buf, sizeof(buf), "%u", type);
+
+ return (buf);
+}
+
+static const char *
+kdebug_sadb_msg_typestr(type)
+ u_int type;
+{
+ static const struct typestr list[] = {
+ TYPESTR(RESERVED),
+ TYPESTR(GETSPI),
+ TYPESTR(UPDATE),
+ TYPESTR(ADD),
+ TYPESTR(DELETE),
+ TYPESTR(GET),
+ TYPESTR(ACQUIRE),
+ TYPESTR(REGISTER),
+ TYPESTR(EXPIRE),
+ TYPESTR(FLUSH),
+ TYPESTR(DUMP),
+ TYPESTR(X_PROMISC),
+ TYPESTR(X_PCHANGE),
+ TYPESTR(X_SPDUPDATE),
+ TYPESTR(X_SPDADD),
+ TYPESTR(X_SPDDELETE),
+ TYPESTR(X_SPDGET),
+ TYPESTR(X_SPDACQUIRE),
+ TYPESTR(X_SPDDUMP),
+ TYPESTR(X_SPDFLUSH),
+ TYPESTR(X_SPDSETIDX),
+ TYPESTR(X_SPDEXPIRE),